Procedure for AMS Document Control

Details

Date	Version	Status	Information Classification	Document Template ID	Document No
15-11-2019	1.8	Approved	Internal	AMS DOC	AMS-CP-01

Revision History

Date	Version	Description	Author	Reviewed by	Approved by	Approved date
29-03-2012	1.0	This procedure supersedes and replaces procedure QP 018 – procedure for control of documents and records.Procedure revised to integrate related ISO 9001:2008 and ISO 27001:2005 ISMS requirements
14-01-2013	1.1	Document Change Request Form: AMS-CF-01 for Major changes and e-mail communication with details of changes incorporated within	Premanand	Premanand	Premanand
24-06-2013	1.2	Document owner to check the correctness of the changed and approved document uploaded by MR in the active folder of the repository. Document owner to intimate MR for any discrepancies with respect to version control and approval
04-06-2015	1.3	Changed ISO/IEC 27001:2005 to ISO/IEC 27001:2013. Ref internal audit finding of May 2015.
15-07-2015	1.4	Changed as per BSI audit findings
17-03-2016	1.5	Reviewed, no changes recommended
09-08-2017	1.6	Reviewed, word “shall” has been replaced suitably
23-11-2018	1.7	No Changes
14-11-2019	1.8	Changes made as per the standard Document	Shaila	Shaila/Usha	Suresh Kumar B V	15-11-2019

Acronym Used

Acronym	Expanded Form
QMS	Quality Management System
ISMS	Information Security Management System
AMS	Antares Management System (QMS + ISMS)
ASL	Antares Systems Limited, Bangalore
CISO	Chief Information Security Officer
M.R	Management representative
HOD	Head of the Department
CEO	Chief Executive Officer

Introduction

This procedure describes the procedures for control of AMS documents. The purpose of this procedure is to define the activities required to ensure all documents, and records of quality and information security management systems are reviewed and approved by authorized personnel prior to issue and that they are protected and controlled

Reference

ISO 27001:2013 Clause 7.5
ISO 9001:2015 Clause 7.5

Key Practices & Responsibility

The key practices and responsibilities are as follows:

Srl.	Key Practice	Responsibility
	Responsibility for Developing and Maintaining AMS	Process Owners, Quality Team
	AMS Document Identification	Process Owners, Quality Team
	Developing and Maintaining AMS	Quality Team, Process owners
	ISMS Document Storage and Archival	Quality Team
	ISMS Document Issue and Control	Quality Team

Key Practice Details

Responsibility for Developing and Maintaining AMS

Development of AMS is facilitated by Quality Team.
Quality Team will provide the process documentation standards and templates for developing the AMS documents.
The developments of AMS documents are done by Quality Team and process owners identified from various functions of the organization.
Quality Team will also verify the AMS artifacts developed by process owners are consistent with ASL's process documentation standards.
Quality Team will be the custodian for AMS artifacts.
Quality Team will maintain a master list of AMS artifacts Vs the process owners Vs reviewers and approvers for maintaining and approving AMS artifacts using the Master List of Documents template.

AMS Document Identification

Process Owners in consultation with Quality Team are responsible for identifying the documents required for defining and establishing the AMS.
The AMS documents include the following:

The AMS documents may be in one of two states:
- Draft: An unapproved document will be in "Draft" state.
- Controlled: An approved document will be in "Controlled" state.
All AMS documents will have a version number in X.Y format where Xis the major release number and Y is the minor release number. The major release number (X) will be incremented for every major change of ISMS where revisions across AMS documents are seen whereas the minor release number (Y) will be incremented for revision/change of individual documents. The decision on what constitutes a major release is taken by the Antares Management Forum/CISO.
All AMS documents will include revision history that describes the following:
- Date of revision
- Version number
- Description of changes
- References to change (e.g. Document Change Request)
- Author for the revision
- Reviewers for the revision
- Approver name

Developing and Maintaining AMS

The initial version of AMS is developed by the Process Owners (Respective Department Representatives) and Quality Team.
Requests for changes to AMS are submitted to Quality team using Document Change Request form. The request for changes may arise from:
- Planned process improvement initiatives.
- Findings from internal and external audits and assessments.
- Suggestions from employees for process improvements.
The document preparation and approval authority is as follows:

+---------+----------+----------+----------+----------+----------+ | Sl. | > Do | > Pre | > | > Ap | > | | | cument | paration | Review | proval | Issue | | No. | | > / | > | > | > | | | | > Re | Responsi | > Aut | Responsi | | | | vision | bility | hority | bility | | | | > | | | | | | | > | | | | | | | Responsi | | | | | | | bility | | | | +=========+==========+==========+==========+==========+==========+ | 1 | > AMS | > MR | > | > CEO | > MR | | | > Manual | > /CISO | MR/CISO | | > /CISO | +---------+----------+----------+----------+----------+----------+ | 2 | > ISMS | > MR./ | > CEO | > CEO | > MR | | | > Policy | > CISO | | | > /CISO | | | > / | | | | | | | > | | | | | | | Quality | | | | | | | > Policy | | | | | +---------+----------+----------+----------+----------+----------+ | 3 | > | > MR. | > CEO | > CEO | > MR | | | Quality | | | | | | | > Ob | | | | | | | jectives | | | | | +---------+----------+----------+----------+----------+----------+ | 4 | > S | > CISO | CISO | CEO | CISO | | | tatement | | | | | | | > of | | | | | | | > Appli | | | | | | | cability | | | | | +---------+----------+----------+----------+----------+----------+ | 6 | > AMS | > Re | > Re | > | > MR | | | > Pr | spective | spective | CEO/CISO | > /CISO | | | ocedures | > Dept. | > Dept. | | | | | | > Rep | > | | | | | | | Rep/CISO | | | +---------+----------+----------+----------+----------+----------+ | 7 | > BCP | > | CISO & | CEO | CISO | | | | CRO/BCP | Dept | | | | | | > Mai | Heads | | | | | | ntenance | | | | | | | > coo | | | | | | | rdinator | | | | +---------+----------+----------+----------+----------+----------+ | 8 | > | > Re | > Re | > | > CISO | | | ISMS/QMS | spective | spective | CISO/CEO | | | | > Domain | > Dept. | > Dept. | | | | | > | > Rep | > | | | | | Specific | | Rep/CISO | | | | | > Pol | | | | | | | icies/Pr | | | | | | | ocedures | | | | | +---------+----------+----------+----------+----------+----------+ | 9 | > Level | > Re | > Re | > Fu | > MR | | | > 2/3/4 | spective | spective | nctional | > /CISO | | | > D | > Dept. | > Dept. | > Head | | | | ocuments | > Rep | > Rep | | | +---------+----------+----------+----------+----------+----------+

Initial analysis of the Change Request will be done by the Quality Team to identify the area of impact and the impacted items. The Process Change Request is then forwarded to the identified Process Owner for further analysis and approval.
A detailed analysis of the change request is done by relevant Process Owner in consultation with Quality Team (if required). The results of the detailed analysis are reviewed with Quality Team to decide on approval/rejection, priority for implementation and owner for the process change.
If the change request is approved for implementation:
- Quality Team will check out the impacted AMS artifacts from Common Repository for revision and update.
- The Process Owner/ Quality Team will modify/revised the impacted AMS artifacts.
- The revised/updated AMS artifacts are reviewed by identified reviewers.
- The reviewed artifacts will be approved by the respective process owner.
- Quality Team will check-in the approved artifacts into Common Repository.
- Quality Team will send change request to the requestor for closure.
Irrespective of the revisions made, the complete AMS documentation will be subjected to review at least once a year to determine its continued suitability or the need for revision.

AMS Document Storage and Archival

The AMS documents are placed under configuration control Common Repository.
Quality Team is responsible for AMS document control.
Quality Team will backup and archive AMS documents whenever new releases are made.
The Organisation/respective functions may retain a copy of obsolete documents in electronic media for legal or reference purpose. Whenever obsolete documents are retained in hard copy, such documents will be duly identified as "OBSOLETE".

AMS Document Issue and Control

AMS Document issue will be in soft copy mode though controlled access to employees via the organization's Intranet or through controlled access to Common repository.
AMS Documents will not be issued in hard copy
Quality Team is responsible for deploying the revised AMS documents in the organization's Intranet.
Quality Team will notify the changes to all or impacted employees.
If significant changes are made to the AMS, the Process Owners, in coordination with HR/Training Function, conduct training sessions to train the affected groups.
Responsibility for the control of various documents of external origin is as given below:

References

Srl.	Document/Section Name
	Procedure for Information Classification and Handling
	Procedure for Safeguarding Organizational Records
	Procedure for Backup and Recovery

Implementation Artifacts

Srl.	Template ID	Artifact Name
	F-DCR	Document Change Request

#Details

#Revision History

#Acronym Used

#Introduction

#Reference

#Key Practices & Responsibility

#Key Practice Details

#Responsibility for Developing and Maintaining AMS

#AMS Document Identification

#Developing and Maintaining AMS

#AMS Document Storage and Archival

#AMS Document Issue and Control

#References

#Implementation Artifacts