Scribd
Upload
41 views10 pages

CDIP-Control of Documented Information Process V 1.0

This document outlines National Aluminium Company's (NALCO) process for controlling documented information. It describes how documents are created, classified, reviewed, approved, released and archived according to ISO 27001. Key steps include assigning documents identifiers and classifications, incorporating review comments, and updating version numbers for minor and major revisions. The process aims to ensure documented information is properly managed and controlled.

Uploaded by

Siva Shankar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
41 views10 pages

CDIP-Control of Documented Information Process V 1.0

This document outlines National Aluminium Company's (NALCO) process for controlling documented information. It describes how documents are created, classified, reviewed, approved, released and archived according to ISO 27001. Key steps include assigning documents identifiers and classifications, incorporating review comments, and updating version numbers for minor and major revisions. The process aims to ensure documented information is properly managed and controlled.

Uploaded by

Siva Shankar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 10

Control Of Documented

Information Process

Confidentiality Statement

This product or document may not, in whole or in part, be copied, photocopied, reproduced, translated,
or reduced to any electronic medium or machine readable form, by any means electronic, mechanical,
photographic, optic recording or otherwise without prior consent, in writing, of the information owner.

SYS/ISMS/CDIP Internal Page 1


Document Control

Document Name Control Of Documented Information Process


Document Reference Number SYS/ISMS/CDIP
Classification Internal
Version Number V1.0
Date 18.12.2018
Reviewed by DGM(SYSTEMS)
Approved by GM(SYSTEMS)

Revision History

Date Version Description Created By


22.12.2016 D 1.0 First Draft Release ISMS Team
18.12.2018 V1.0 Base Lined ISMS Team

Distribution

 File server
 Intranet Portal

Documentation Status

This is a controlled document. This document may be printed; however, any printed copies of the
document are not controlled. The electronic version maintained in the file server and Intranet ISMS
Portal is the controlled copy.

Related documents

S. No. Document Reference Number Document Name Version


1 SYS/ISMS/ISMAN ISMS Manual V 1.1

SYS/ISMS/CDIP Internal Page 2


Acronyms and Abbreviations

Term Description
NALCO National Aluminium Company Ltd.
CISO Chief Information Security Officer
ISC Information Security Council

SYS/ISMS/CDIP Internal Page 3


TABLE OF CONTENTS

1. INTRODUCTION.................................................................................................................................... 6

2. INPUT................................................................................................................................................... 6

3. ROLES AND RESPONSIBILITY................................................................................................................. 6

4. TASKS................................................................................................................................................... 6

4.1. CREATING AND UPDATING..........................................................................................................................6


4.2. CLASSIFICATION OF THE DOCUMENT.............................................................................................................7
4.3. RELEASE OF THE DOCUMENT.......................................................................................................................7
4.4. CONTROL OF DOCUMENTED INFORMATION....................................................................................................7
4.5. ARCHIVAL OF DOCUMENTS.........................................................................................................................8
4.6. OUTPUT..................................................................................................................................................8
4.7. GUIDELINES, TEMPLATES............................................................................................................................8
4.8. ISO 27001:2013 REFERENCE....................................................................................................................8

ANNEXURE A................................................................................................................................................ 9

SYS/ISMS/CDIP Internal Page 4


1. Introduction

This extent of documented information for ISMS at NALCO is dependent upon size, types of activities,
processes and services, complexity of processes and their interaction.

It includes documented information as required by International Standard ISO 27001:2013 and any
other information that is determined by the organization as being necessary for the effectiveness of
ISMS.

2. Input

 Requirements of ISO 27001:2013


 Requirements as per ISMS at NALCO

3. Roles and Responsibility

ROLES RESPONSIBILITIES
Author Preparation and Modification of Document.
Reviewer Review of the document.
Approver Approval of the document.

4. Tasks

This implies to the set of activities needed to initiate, analyze, prepare, review, approve and release a
new / existing document.

4.1. Creating and Updating

 Each document is identified by -


o Document Name
o Document Reference Number
o Classification
o Version Number
o Date
o Reviewed by
o Approved by
 All documents are created by the designated Author, identified by the CISO;
 After a document is created/ revised, the document is given for review. The reviewer is
respective ISC Member, the process owner or as identified by CISO.
 After review, the document is given back to the author with review comments, if any;

SYS/ISMS/CDIP Internal Page 5


 After author incorporates the review comments, the document is sent back for re-verification.
 After re-verification, the process owner approves the document which is thereafter released by
the new version number.

4.2. Classification of the Document

 Whenever a new document is created, it is assigned a Classification depending on the level of


confidentiality to be maintained for the subject document. One of the following classification is
assigned to the document –
o Confidential: When access and viewing rights is only at Top Management / HOD Level.
o Restricted: When access and viewing rights is only for a specified Department / Group /
Team.
o Internal : When access and viewing rights is permitted for all within NALCO.

 If no Classification is mentioned in the Document, it will be assumed as ‘Public’ and can be made
accessible to anyone in the Public domain.

4.3. Release of the Document

 Whenever a new document is released for the first time, it is assigned version no. 1.
 In case an existing document is revised, version number is changed by 0.1 for minor changes and
for major changes round off the version number to the next whole digit number (e.g. if the
current version number of the document is 2.2 and a minor change occurs, then the version
number will escalate to 2.3 and if a major change occurs, then the version number will switch to
3.0). Only 9 minor versions can be released for a template/format.
 A major version should necessarily be released after 9 minor versions, but a major version can
be released whenever appropriate ;
 If a document is modified or revised, the previous version becomes obsolete and is marked
accordingly;
 An email notification sent by the CISO is considered as the Document Release. However, no
record of such mails will be maintained;
• All the processes, templates, checklist and guidelines are to be stored in a separate Folder in the
File Server at NALCO.

4.4. Control of documented information

 Documented Information as required by ISMS at NALCO is controlled to ensure that records are
o Legible;
o Available and suitable for use, where and when needed;
o Readily identifiable;
o Adequately protected (from loss of CIA);
o Retrievable;

SYS/ISMS/CDIP Internal Page 6


 Control of documented information in NALCO includes as applicable-
o Distribution, access, retrieval and use;
o Storage and preservation, including the preservation of legibility;
o Version control of documents;
o Retention and disposition;
• Records are retained as per retention policy of NALCO. The documents of external origin
determined by the organization, as being necessary for the planning and operation of ISMS are
controlled.

4.5. Archival of Documents

 The documents and records (documented information) are archived as per the archival policy in
force at NALCO.

4.6. Output

 Released Document

4.7. Guidelines, Templates

 Template for Process Definition in Annexure A

4.8. ISO 27001:2013 Reference


• 7.5.3

SYS/ISMS/CDIP Internal Page 7


Annexure A

Process Name

Confidentiality Statement
This product or document may not, in whole or in part, be copied, photocopied, reproduced, translated,
or reduced to any electronic medium or machine readable form, by any means electronic, mechanical,
photographic, optic recording or otherwise without prior consent, in writing, of the information owner.

Document Control

SYS/ISMS/CDIP Internal Page 8


Document Name PROCESS NAME
Document Reference Number SYS/ISMS/Doc-Abbreviation
Classification Confidential / Restricted / Internal
Version Number
Date
Reviewed by
Approved by

Revision History

Date Version Description Created By

Distribution

 File Server
 CISO

Documentation Status

This is a controlled document. This document may be printed; however, any printed copies of the
document are not controlled. The electronic version maintained in the file server and Intranet ISMS
Portal is the controlled copy.

Related documents

S. No. Document Reference Number Document Name Version

Acronyms and Abbreviations

SYS/ISMS/CDIP Internal Page 9


Term Description

SYS/ISMS/CDIP Internal Page 10

You might also like