Procedure for AMS Improvements
Details
Date | Version | Status | Information Classification | Document Template ID | Document No |
---|---|---|---|---|---|
16-03-2020 | 1.0 | Approved | Internal | AMS DOC | AMS-SP-39 |
Revision History
Date | Version | Description | Author | Reviewed by | Approved by | Approved date |
---|---|---|---|---|---|---|
13-03-2020 | 1.0 | Initial Version | Shaila | AMF | Suresh Kumar B V | 16-03-2020 |
Acronym Used
Acronym | Expanded Form |
---|---|
AMS | Antares Management System |
ASL | Antares Systems Limited |
AMF | Antares Management Forum |
MR | Management Representative |
CISO | Chief Information Security Officer |
Introduction
The purpose of this procedure is to define mechanisms for continuous improvements through corrective and preventive actions.
Information Security Policy Reference
- Clause 10 of ISO 9001:2015 and Clause 10 of ISO 27001:2013
Scope
This procedure is applicable to ASL's AMS.
Key Practices & Responsibility
The key practices and responsibilities are as follows:
Srl. | Key Practice | Responsibility |
---|---|---|
1 | Inputs for AMS Improvements | AMF, All employees |
2 | Corrective Actions | Auditees |
3 | Preventive Actions | Individual Security Groups |
4 | Continual improvement | AMF |
Key Practice Details
Inputs for AMS Improvements
ASL will determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.
These will include:
- Improving products and services to meet requirements as well as to address future needs and expectations
- Correcting, preventing or reducing undesired effects
- Improving the performance and effectiveness of the Antares Management System
The sources of inputs for process improvements include the following:
- Review of AMS (scheduled or unscheduled)
- Findings from security incidents
- Results of AMS effectiveness measurements
- Non-conformities found during AMS Audits
- Non-conformities found during external Audits
- Improvement opportunities identified during AMF meetings
- Improvement opportunities identified during AMS Audits
- Improvement opportunities identified during external Audits
- Document Change Requests for process improvement submitted by employees
Corrections and Corrective Actions
Corrections and corrective actions will be taken to address non-conformities identified during AMS Audits or external Audits. The auditee is responsible for ensuring that the required corrective actions are taken for non-conformities identified during AMS Audits. The Head of the auditee's function is responsible for ensuring that the required corrective actions are taken for non-conformities identified during external Audits.
The non-conformity is analyzed to identify the cause due to which it occurred and the corrective action needed to ensure that the non-conformity does not recur.
The corrective action is implemented and the results are reviewed by the auditor to ensure that the actions taken are appropriate.
The sources for measurements/metrics collection will be as described in the metrics plan.
ASL will retain documented information as evidence of:
- The nature of the non-conformities and any subsequent actions taken
- The results of corrective action
Preventive Actions
Preventive actions are initiated for process improvements based on process improvement opportunities identified during AMS Audits or External Audits and BMF Change Requests submitted by employees.
Preventive actions may also be identified by AMF or Individual Security Groups based on changed risks. If significant changes to risks are identified, AMF will ensure that a risk assessment is conducted and that an appropriate risk treatment plan and preventive actions are identified and implemented.
The process improvement opportunity/suggestion is analyzed by AMF to assess its suitability, its impact on AMS and any preventive actions to be taken. AMF will implement any process changes as per Procedure for AMS Document Control.
The appropriate Security Group will implement any preventive actions identified. The results of the preventive action implemented are reviewed by the Security Group to ensure that planned improvements are met.
Continual improvement
The continual improvement of the effectiveness of the AMS is achieved through the use of policy and objectives, audit results, analysis of data from performance assessment, corrective and preventive actions, incident reports, RA report, business changes (objectives, process, industry practices, legal/regulatory), environmental changes (new threats and vulnerabilities, technology changes), and management reviews.
MR consolidates the inputs from these sources and reviews them to identify improvement opportunities. MR presents them in the AMF meeting to all interested/affected parties.
All improvements are directed towards the organization's predefined business objectives.
The process improvement initiatives support the critical evaluation of the AMS business processes in order to improve and optimize the processes so that they support the meeting of the business objectives.
All interested parties are encouraged to report process improvements and control weaknesses of the AMS to the MR/CISO.
The process improvement suggestions are evaluated by AMF and, if accepted, the process changes are conducted as per the change management process, and awareness is provided to the interested parties after the formal communication of the changes. The effectiveness of the new/modified process is monitored by MR/CISO.
References
Srl. | Document/Section Name |
---|---|
1 | Procedure for Information Security Review and Audit |
2 | Procedure for AMS Document Control |
Implementation Artifacts
Srl. | Template ID | Artifact Name |
---|---|---|
1 | F-AMSAR | AMS Audit Report |
2 | DCR | Document Change Request |