ISP Review Process
Summary
The following process describes how the company security policy will be reviewed annually, on the last Wednesday in October.
Note, though, that security concerns, improvements and revisions can be raised at any time.
Assemble Review Team
Include a mix of roles such as a security officer, a lead developer, and an operations manager.
Document Collection
Ensure you have access to all current security policy documents.
Prior to Review
Prior to the session, team members will read through the security documents. Use the basic security checklist (e.g., based on ISO/IEC 27001 standards) to identify any missing elements.
Group Meeting / Discussion
Discuss any discrepancies, gaps, and areas of improvement noted during the initial review. Propose changes or updates needed. Remember that this is a continuous improvement process - make sure changes move the policy in the right direction, towards the simpler and more helpful.
Revise Policy
Assign tasks to team members to update the policy document based on the discussion. Draft the revised policy. As the policies are stored as markdown in git, encourage people to read the documents as diffs.
Final Review and Approval
The review team examines the revised document. Approve if it meets the agreed standards or return for further revisions if necessary.
Implementation and Communication
Communicate the updated policy to all employees. Incorporate the updates into Implement training if necessary to ensure understanding and compliance.
Title | ISP Review Process | |
---|---|---|
Document Type | Process | |
Document ID | Version | Issued |
TSCOSER001 | 1 | 17/06/2024 |
Review Process | N/A | |
Approved | Issued | Reviewer |
PRB | PRB | PRB |