Transcription

This document is classified as VC – Restricted if the Annexes are attached.Integrated Management System (IMS)Manual20 July 2017

Contents1 Overview of the Integrated Management System (IMS) . 71.1 Purpose . 71.2 Scope of the IMS (and Exclusions from ISO 9001:2008) . 71.3 Documents of the IMS. 71.4 Policies . 81.5 Organisation Chart and Job Descriptions . 81.6 Training Records . 81.7 Processes and Procedures . 81.7.1 Job Function (JF) Procedures . 91.7.2 Business Management (BM) Procedures . 91.7.3 Information Security (IS) Procedures . 91.7.4 Business Continuity (BC) Procedures. 91.7.5 Anti-Bribery (AB) Procedure . 91.7.6 Management System (MS) Procedures . 91.8 Approved Suppliers. 91.9 Work Instructions . 10Integrated Management System (IMS) - Essentials . 11Information Security Management - Essentials . 12Information Security and Computer Use Agreement . 13Quality Policy . 15Information Security Policy . 16Business Continuity Policy . 17Environmental Policy . 18Anti-Bribery Policy . 19Anti-Slavery Statement. 21Appendix 1 - Legal and Regulatory Compliance . 23Appendix 2 - Context and Interested Parties . 27Appendix 3 - Processes . 39Appendix 4 - Guide to Opportunities and Risks . 43Appendix 5 - How to Maintain a Risk Register . 47Appendix 6 - Maintain a Business Impact Analysis . 53Appendix 7 - Information Security Guide Part 1 - Overview . 55Appendix 8 - Information Security Guide Part 2 - Legislation . 57IMS Manual20 July 2017Page 3 of 270

Appendix 9 - Information Security Guide Part 3 - Encryption . 67Appendix 10 - Company Information . 85Appendix 11 - Important Dates. 87Appendix 12 - How to Maintain this Manual . 89Annex 1 – Job Descriptions. 91Managing Director . 92Sales Director. 93Technical Director. 94Commercial Director . 95Operations Director . 96Technical Consultant and Network Manager . 97Chief Design Engineer . 98Design Engineer . 99Test Engineer . 100IMS Manager and Technical Author . 101Projects Coordinator . 102Technical Support Assistant Manager . 103Technical Support Engineer. 104Engineer that manages N3 network . 104Help Desk and Build Engineer . 105Marketing Assistant . 106Telemarketing Supervisor . 107Telemarketing Consultant . 108Account Development Manager . 109Customer Relations Manager . 110Alarm Handler . 111Financial Accountant . 112Accounts Assistant . 113Annex 2 – Procedures . 115Procedure JF-1 – Software Design and Development . 116Procedure JF-2 – Marketing. 125Procedure JF-3 – Telemarketing . 127Procedure JF-4 – Sales . 129Procedure JF-5 – Manage Customer Account . 132Procedure JF-6 – Channel Sales . 135Procedure JF-7 – Project Management . 137Procedure JF-8 – Purchasing . 143Procedure JF-9 – Build . 147Procedure JF-10 – Transport of Product . 149Procedure JF-11 – Installation . 151Procedure JF-12 – Training . 154Procedure JF-13 – Help Desk Support . 157Procedure JF-14 – Remote Service and Maintenance. 161Procedure JF-15 – On Site Service and Maintenance . 163Procedure JF-16 – Return Used Items to Stock . 167Procedure JF-17 – Technical Documentation. 169Procedure JF-18 – Customer Support. 170Procedure JF-19 – Alarm Receiving Centre Operation . 173Procedure BC-1 – Business Continuity . 177Procedure BC-2 – Emergency Lighting for the ARC . 181Procedure BC-3 – Disruption of the ARC . 182Procedure BM-1 – Starting and Finishing a Role . 184IMS Manual20 July 2017Page 4 of 270

Procedure BM-2 – Manage Provider . 187Procedure BM-3 – Maintain Details of Legal and Regulatory Requirements . 188Procedure BM-4 – Internal and External Communications. 190Procedure IS-1 – Computer Data Backups. 192Procedure IS-2 – Mobile Computing . 194Procedure IS-3 – Network Management . 197Procedure IS-4 – Change Control . 199Procedure IS-5 – Privacy Impact Assessment . 202Procedure IS-6 – Information Classification, Handling and, Clear Desk and Screen . 203Procedure IS-7 – Access Control and Rights Review . 213Procedure IS-8 – Intellectual Property. 215Procedure IS-9 – Working in Secure Areas . 218Procedure AB-1 – How to Respond to a (Potential) Bribe . 221Procedure MS-1 – Control of Documents . 222Procedure MS-2 – Control of Records . 225Procedure MS-3 – Internal Audit . 227Procedure MS-4 – Response to Nonconformity or Incident (including Corrective Action) . 229Procedure MS-5 – IMS Review Meeting. 232Procedure MS-6 – Preventive Action . 236Annex 3 – Information Asset Register . 237Approved Free and Open Source Software . 247Annex 4 – ISO 9001:2015, ISO 27001:2013 & ISO 22301:2012 Requirements . 249Annex 5 – ISO 9001:2008 Requirements . 263Changes . 267IMS Manual20 July 2017P