Integrated Management System (IMS) Manual


This document is classified as VC – Restricted if the Annexes are attached.

Integrated Management System (IMS) Manual
20 July 2017

Contents

1 Overview of the Integrated Management System (IMS) ... 7
1.1 Purpose ... 7
1.2 Scope of the IMS (and Exclusions from ISO 9001:2008) ... 7
1.3 Documents of the IMS ... 7
1.4 Policies ... 8
1.5 Organisation Chart and Job Descriptions ... 8
1.6 Training Records ... 8
1.7 Processes and Procedures ... 8
1.7.1 Job Function (JF) Procedures ... 9
1.7.2 Business Management (BM) Procedures ... 9
1.7.3 Information Security (IS) Procedures ... 9
1.7.4 Business Continuity (BC) Procedures ... 9
1.7.5 Anti-Bribery (AB) Procedure ... 9
1.7.6 Management System (MS) Procedures ... 9
1.8 Approved Suppliers ... 9
1.9 Work Instructions ... 10
Integrated Management System (IMS) - Essentials ... 11
Information Security Management - Essentials ... 12
Information Security and Computer Use Agreement ... 13
Quality Policy ... 15
Information Security Policy ... 16
Business Continuity Policy ... 17
Environmental Policy ... 18
Anti-Bribery Policy ... 19
Anti-Slavery Statement ... 21
Appendix 1 - Legal and Regulatory Compliance ... 23
Appendix 2 - Context and Interested Parties ... 27
Appendix 3 - Processes ... 39
Appendix 4 - Guide to Opportunities and Risks ... 43
Appendix 5 - How to Maintain a Risk Register ... 47
Appendix 6 - Maintain a Business Impact Analysis ... 53
Appendix 7 - Information Security Guide Part 1 - Overview ... 55
Appendix 8 - Information Security Guide Part 2 - Legislation ... 57

IMS Manual 20 July 2017 Page 3 of 270

Appendix 9 - Information Security Guide Part 3 - Encryption ... 67
Appendix 10 - Company Information ... 85
Appendix 11 - Important Dates ... 87
Appendix 12 - How to Maintain this Manual ... 89
Annex 1 – Job Descriptions ... 91
Managing Director ... 92
Sales Director ... 93
Technical Director ... 94
Commercial Director ... 95
Operations Director ... 96
Technical Consultant and Network Manager ... 97
Chief Design Engineer ... 98
Design Engineer ... 99
Test Engineer ... 100
IMS Manager and Technical Author ... 101
Projects Coordinator ... 102
Technical Support Assistant Manager ... 103
Technical Support Engineer ... 104
Engineer that manages N3 network ... 104
Help Desk and Build Engineer ... 105
Marketing Assistant ... 106
Telemarketing Supervisor ... 107
Telemarketing Consultant ... 108
Account Development Manager ... 109
Customer Relations Manager ... 110
Alarm Handler ... 111
Financial Accountant ... 112
Accounts Assistant ... 113
Annex 2 – Procedures ... 115
Procedure JF-1 – Software Design and Development ... 116
Procedure JF-2 – Marketing ... 125
Procedure JF-3 – Telemarketing ... 127
Procedure JF-4 – Sales ... 129
Procedure JF-5 – Manage Customer Account ... 132
Procedure JF-6 – Channel Sales ... 135
Procedure JF-7 – Project Management ... 137
Procedure JF-8 – Purchasing ... 143
Procedure JF-9 – Build ... 147
Procedure JF-10 – Transport of Product ... 149
Procedure JF-11 – Installation ... 151
Procedure JF-12 – Training ... 154
Procedure JF-13 – Help Desk Support ... 157
Procedure JF-14 – Remote Service and Maintenance ... 161
Procedure JF-15 – On Site Service and Maintenance ... 163
Procedure JF-16 – Return Used Items to Stock ... 167
Procedure JF-17 – Technical Documentation ... 169
Procedure JF-18 – Customer Support ... 170
Procedure JF-19 – Alarm Receiving Centre Operation ... 173
Procedure BC-1 – Business Continuity ... 177
Procedure BC-2 – Emergency Lighting for the ARC ... 181
Procedure BC-3 – Disruption of the ARC ... 182
Procedure BM-1 – Starting and Finishing a Role ... 184

Procedure BM-2 – Manage Provider ... 187
Procedure BM-3 – Maintain Details of Legal and Regulatory Requirements ... 188
Procedure BM-4 – Internal and External Communications ... 190
Procedure IS-1 – Computer Data Backups ... 192
Procedure IS-2 – Mobile Computing ... 194
Procedure IS-3 – Network Management ... 197
Procedure IS-4 – Change Control ... 199
Procedure IS-5 – Privacy Impact Assessment ... 202
Procedure IS-6 – Information Classification, Handling, and Clear Desk and Screen ... 203
Procedure IS-7 – Access Control and Rights Review ... 213
Procedure IS-8 – Intellectual Property ... 215
Procedure IS-9 – Working in Secure Areas ... 218
Procedure AB-1 – How to Respond to a (Potential) Bribe ... 221
Procedure MS-1 – Control of Documents ... 222
Procedure MS-2 – Control of Records ... 225
Procedure MS-3 – Internal Audit ... 227
Procedure MS-4 – Response to Nonconformity or Incident (including Corrective Action) ... 229
Procedure MS-5 – IMS Review Meeting ... 232
Procedure MS-6 – Preventive Action ... 236
Annex 3 – Information Asset Register ... 237
Approved Free and Open Source Software ... 247
Annex 4 – ISO 9001:2015, ISO 27001:2013 & ISO 22301:2012 Requirements ... 249
Annex 5 – ISO 9001:2008 Requirements ... 263
Changes ... 267

1 Overview of the Integrated Management System (IMS)

1.1 Purpose

Our Integrated Management System (IMS) enables us to implement the following:

(1) Quality Management in accordance with ISO 9001:2015 (and ISO 9001:2008);
(2) Information Security Management in accordance with ISO 27001:2013;
(3) The requirements of the NHS Information Governance Statement of Compliance (IGSoC);
(4) Business Continuity Management;
(5) Anti-Bribery Management.

1.2 Scope of the IMS (and Exclusions from ISO 9001:2008)

Voice Connect design, develop, supply and support the following:

- Integrated telephony and multiple media computer messaging products and services;
- An Alarm Receiving Centre (ARC) that provides a lone worker monitoring service;
- A Payment Portal that enables a cardholder to make secure payments.

Our IMS covers all of our operations.

We exclude the following sections of ISO 9001:2008.

Section 7.5.2 Validation of processes for production and service provision
All processes for the provision of products and services are verified by testing. (We test all of our software and built computer systems.)

Section 7.6 Control of monitoring and measuring equipment
We do NOT use any monitoring or measuring equipment.

1.3 Documents of the IMS

The IMS consists of the following documents.

IMS Manual: This document.
Organisation Chart: Refer to Section 1.5 (Page 8).
Business Impact Analysis: Refer to Appendix 6.
Risk Register: Refer to Appendix 5.
Statement of Applicability: This details how the IMS satisfies the requirements of the controls of ISO 27001:2013, Annex A.

We give the IMS Manual and Organisation Chart to each new employee that joins the company. If either document changes, we distribute the changed document to all employees. Where appropriate, we also provide these documents to contractors.

1.4 Policies

The IMS contains the following five policies and operates based on the first four listed.

- Quality Policy
- Information Security Policy
- Business Continuity Policy
- Anti-Bribery Policy
- Environmental Policy

Also, employees must agree to, and sign, the following.

- Information Security and Computer Use Agreement

1.5 Organisation Chart and Job Descriptions

The Organisation Chart is a separate document that shows the structure of Voice Connect, with the names and Job Titles of all employees. It is updated and distributed to everyone whenever someone joins or leaves the organisation, or changes roles. Each Job Title on the Organisation Chart corresponds to a Job Description.

NOTE Annex 1 contains the Job Descriptions.

(1) Most employees do one or more procedural job functions. Some also do non-procedural job functions, such as administration or management. Each Job Description specifies the following:
(a) Principal Job Function (JF) procedures; refer to Section 1.7.1 (Page 9);
(b) Other applicable procedures, listed in the remainder of Section 1.7 (Page 8);
(c) Additional non-procedural job functions.

(2) Each Job Description also specifies the Knowledge and Skills that the employee requires. These are an amalgamation of any Knowledge and Skills required by the following:
(a) Any procedure(s) that the employee does;
(b) Any additional non-procedural job functions.

1.6 Training Records

(1) Each employee's Training Record contains the following.
(a) The Knowledge and Skills that the employee had when he/she joined Voice Connect.
(b) Any Training that Voice Connect has provided to the employee.
(c) Any Training that Voice Connect schedules for the employee (to acquire any required skills as specified on the employee's job description).

(2) The cumulative training required by all the employees of Voice Connect enables the organisation to plan and implement a schedule of training for its employees.

1.7 Processes and Procedures

The IMS has six categories of procedures, which the following sub-sub-sections describe.

NOTE Annex 2 contains the Procedures.

1.7.1 Job Function (JF) Procedures

These procedures describe core job functions that contribute to the provision of our products and services. Each one specifies the skills required to do the procedure.

NOTE Appendix 3 provides details of our processes.

1.7.2 Business Management (BM) Procedures

These procedures satisfy general business requirements and requirements of ISO 27001:2013 and ISO 22301:2012.

1.7.3 Information Security (IS) Procedures

These procedures satisfy requirements of ISO 27001:2013.

NOTES
(1) Procedures in other sub-sub-sections cover requirements of ISO 27001.
(2) The Employee's Handbook contains a Disciplinary Procedure.

1.7.4 Business Continuity (BC) Procedures

These procedures satisfy general business continuity requirements and requirements of ISO 27001:2013, Control A.17.1.

1.7.5 Anti-Bribery (AB) Procedure

This procedure addresses requirements of the UK Bribery Act 2010 and customer contractual requirements to implement arrangements to respond to (potential) bribery.

1.7.6 Management System (MS) Procedures

These procedures cover requirements of ISO 9001:2008, ISO 9001:2015, ISO 27001:2013 and ISO 22301:2012. Procedures MS-1 to MS-4 and MS-6 cover explicit requirements for procedures. Procedure MS-5 covers requirements for the inputs, outputs and records of management reviews.

1.8 Approved Suppliers

The Stock and Purchases Database can assign one of four categories to each supplier.

- On Trial
- Approved
- Do Not Use
- In Use

Initially, new suppliers are assigned the category On Trial and, if found to be satisfactory, are then assigned the category Approved. The Technical Director authorises the assignment of a category to a supplier in the Stock and Purchases Database. The database can output a List of Approved Suppliers, which is a list of those suppliers assigned the category Approved, as described above.

1.9 Work Instructions

Where appropriate, procedures are supplemented by Work Instructions. The following table lists the owner of each Work Instruction (usually the relevant team manager), who authorises each issue of it.

No. | Title                                                        | Owner
1   | VC1 Build Note                                               |
15  | Termination of Use of Medical Messenger with EMIS software   | Cust. Serv. Mgr.
16  | Moves and Changes – Patient Partner                          | Commercial Director

The Integrated Management System (IMS) includes the following documents,