Upload
others
View
13
Download
0
Embed Size (px)
Citation preview
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 1 of 23
ISMS Policy version 1.40 (November 2018) For Issue
Document Version No. 1.40 Updated November 2018
ISO27001:2005 ISMS POLICY DOCUMENT
Version 1.40
November 2018
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 2 of 23
ISMS Policy version 1.40 (November 2018) For Issue
Document Version No. 1.40 Updated November 2018
Table of Contents
1 Introduction ................................................................................................................................ 4
2 Issue Status ................................................................................................................................. 5
3 Overview of Comtec .................................................................................................................... 6
3.1 Scope of Registration ...................................................................................................................... 6
4 Information Security Management System .................................................................................. 7
4.1 Control of Documents ..................................................................................................................... 9
4.2 Control of Records .......................................................................................................................... 9
5 Management Commitment ........................................................................................................ 10
5.1 Role of Senior Management ......................................................................................................... 10
6 ISMS POLICY .............................................................................................................................. 10
6.1 Introduction .................................................................................................................................. 10
6.2 Scope of the Policy ........................................................................................................................ 10
6.3 legal and regulatory obligations ................................................................................................... 10
6.4 Roles and Responsibilities ............................................................................................................. 10
6.5 Strategic Approach and Principles ................................................................................................ 11
6.6 Business Continuity Management ................................................................................................ 11
6.7 Approach to Risk Management .................................................................................................... 11
6.8 Information Security Objectives ................................................................................................... 11
6.9 Responsibility, authority and communication .............................................................................. 12
6.10 Management Review .................................................................................................................... 12
6.11 Review Input ................................................................................................................................. 13
6.12 Review Output .............................................................................................................................. 13
7 Provision of Resources ............................................................................................................... 14
7.1 Human Resources General ............................................................................................................ 14
7.2 Infrastructure ................................................................................................................................ 14
8 Risk Assessment Methodology ................................................................................................... 17
9 Measurement, Analysis & Improvement .................................................................................... 17
9.1 Information Security Standards .................................................................................................... 17
9.2 Internal ISMS Audits ...................................................................................................................... 18
9.3 Monitoring & Measurement of Processes .................................................................................... 19
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 3 of 23
ISMS Policy version 1.40 (November 2018) For Issue
Document Version No. 1.40 Updated November 2018
9.4 Monitoring & Measurement of Service ........................................................................................ 19
9.5 Analysis of Data ............................................................................................................................. 19
9.6 Continual Improvement ................................................................................................................ 19
9.7 Corrective Action .......................................................................................................................... 21
9.8 Preventative Action ....................................................................................................................... 21
10 Appendices ................................................................................................................................ 22
10.1 Appendix 1 – Organisation Chart .................................................................................................. 22
Appendix 2 – List of Controlled Documents ............................................................................................ 23
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 4 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
1 INTRODUCTION
This document is the ISMS Policy Document of Comtec. It is the property of Comtec and is a controlled document. The purpose of the ISMS Policy Document is to provide an overview of the company, the activities it carries out and the quality standards of operation it conforms to. It is not designed to act as a procedure manual, although it does carry information about where procedures information is located and the detailed information on Documentation Requirements for essential procedures e.g. document control, and control of records; internal audit and corrective/preventative action (please see Procedures Log). Throughout this ISMS Policy Document there are explanations of the requirements of the standard, paraphrased and appended in smaller grey text. This precedes a section explaining how the company implement this particular aspect of the standard.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 5 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
2 ISSUE STATUS
The issue status is indicated by the version number in the footer of this document. It identifies the
issue status of this ISMS Policy Document.
When any part of this ISMS Policy Document is amended, a record is made in the Amendment Log
shown below.
The ISMS Policy Document can be fully revised and re-issued at the discretion of the Management
Team.
The ISMS Policy Document will be reviewed on a Quarterly basis as standard.
Please note that this ISMS Policy Document is only valid on day of printing.
Issue Amendment Date Initials Authorised
1 Version 1 01/08/13 DR DR
2 Update of staff members referred to in the document. Update of internal audit process flowchart.
23/09/16 CS NC
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 6 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
3 OVERVIEW OF COMTEC
At Comtec Enterprises Ltd we have built a business aimed at providing a single fully managed service of power protection and IT Infrastructure solutions for IT and Telecom environments. With over 15 years experience and many businesses depending on us to plan, protect and sustain their corporate productivity, we can say we are amongst the leaders in the field of providing truly scalable and highly flexible solutions. As “Trusted Advisers” in the infrastructure environment we are able to deliver a solution based on your business needs today and that scales in line with your businesses growth. In building long relationships with our customers and partnering the global leader in UPS systems, we understand the importance of customer service, quality and after sales support. We are dedicated in building trusting relationships with our customers. For more information about Comtec Enterprises Ltd please visit www.comtec.com. 3.1 Scope of Registration Design and installation of data centres, infrastructure networks and communications including (but not restricted to) sales & supply of hardware, software, project management, consultancy, managed services and support contracts
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 7 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
4 INFORMATION SECURITY MANAGEMENT SYSTEM
Define Scope
Objectives Testing Framework
Risk Assessment Criteria
Identify assets
Identify threats to assets
Identify vulnerabilities which could be exploited
Identify impact of loss of Confidentiality
Integrity, Availability
Estimate Cost of Risks
Risks Accepted
Management Authorise ISMS
Summary of decisions regarding risk
Assessment, justify exclusions
Estimate Options for Minimising Risk
Apply Controls
Accept Risks
Avoid Risks
Transfer Risks (e.g. Insurance)
Statement of Applicability
No
Yes
ESTABLISHING AN ISMS
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 8 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
Comtec has a commitment to quality and a formal information security management system (ISMS) that addresses the following areas:
Quality
Performance monitoring and review
Policy and Procedures
Managing external relationships
Financial Management
Strategic and business planning
Human resource development
Service innovation.
Risk Treatments
Plan
Identify Management Action
Resources, Responsibilities
and Privileges
Implement Risk
Treatment Plan
Implement Controls to meet Control
Objectives
Implement Training & Awareness Program
IMPLEMENTING AND OPERATING AN ISMS
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 9 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
The Senior Management Team is responsible for implementing the ISMS and ensuring the system is understood and complied with at all levels of the organisation. They are responsible for ensuring that all staff:
Are aware of the policies and objectives of the organisation Are committed to implementing Comtec’s Information Security Management System Understand service user requirements Create positive internal and external communications Understanding of the organisation's processes Understanding how statutory and regulatory requirements impact on the organisation and
service users Understand their area of responsibility Use time and resources efficiently Reduce wastage Contribute to high levels of morale and motivation within the organisation.
Comtec’s Information Security Management System is managed by the Information Security Officer (Phil Reed), although ultimate responsibility is with the Managing Director (Nick Claxson). All staff are required to maintain the system and to have a stake in improvements to efficiency. An internal audit of procedures and policies is conducted quarterly with an annual external audit taking place in November. 4.1 Control of Documents All documents are maintained and controlled by the Information Security Officer (Phil Reed). Policy and procedure documents are reviewed annually. Any documents requiring amendment are updated, authorised, and completed. All updates to documents are signed and dated by the Information Security Officer (Phil Reed). Documents are re-issued as an electronic PDF document and a limited number of hard copies are produced. Obsolete documents will be archived and restricted by the Information Security Officer, electronic copies of all past versions are kept. All managers hold responsibility for cascading information to staff. Documents received by fax should be removed immediately and handed to the person to whom it is addressed. 4.2 Control of Records All project records are stored in appropriate electronic folders and managed by respective departments. Hard copies of documents are restricted to a minimum and should not be produced unnecessarily. Electronic records are encouraged over hard copies due to environmental concerns, available storage space and to prevent unnecessary expenditure.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 10 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
5 MANAGEMENT COMMITMENT
5.1 Role of Senior Management Comtec’s Senior Management Team are committed to the development and implementation of an Information Security Policy, an Information Security Management System, and to frequently review this system. The Information Security Officer (Phil Reed) will ensure that Comtec staff are aware of the importance of meeting customer as well as statutory and regulatory requirements, and overall, to contribute to achieving Comtec’s Information Security Objectives which are aligned with the current business plan. An induction programme has been implemented to ensure all new employees receive ISO awareness training.
6 ISMS POLICY
6.1 Introduction
This document is the Information Security management document for Comtec Enterprises Ltd. It describes the company’s corporate approach to Information Security and details how we address our responsibilities in relation to this vital area of our business.
Information Security is the responsibility of all members of staff, not just the senior management team, and as such all staff should retain an awareness of this policy and its contents.
Verification of compliance with the policy will be verified by a continuous programme of internal audits.
6.2 Scope of the Policy
The scope of this policy relates to use of the database and computer systems operated by the company at its office in Reigate, in pursuit of the company’s business of providing IT solutions to small/medium sized businesses.
6.3 Legal and regulatory obligations
Data Protection Act 1998
Employment Agency Act 2003
6.4 Roles and Responsibilities
Our Information Security Officer (Phil Reed) is responsible for randomly sampling records to ensure that all required data has been captured, and that data is accurate and complete.
It is the responsibility of all staff to ensure that all data is treated with the utmost confidentiality, and that no data is given out without the prior authority of any person affected.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 11 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
6.5 Strategic Approach and Principles
6.5.1 Access Control – See Data Security Policy
6.5.2 Incident Management – See Data Security Policy
6.5.3 Physical Security – See Data Security Policy
6.5.4 Third-party Access – See Data Security Policy
6.6 Business Continuity Management – See Business Continuity Plan
6.7 Approach to Risk Management
We aim to reduce all opportunities for data to be compromised. This includes the possibility of theft of data.
We have carried out a full risk assessment of the potential for a breach of security as documented within our separate Risk Assessment Document.
A full description can be found in our Data Security Manual.
6.7.1 Action in the event of a policy breach.
Access to the system is centrally controlled and removal of access to the system is a very simple procedure, which is controlled by the Information Security Officer (Phil Reed).
Access to the premises is controlled by the Managing Director (Nick Claxson). Door entry access fobs are controlled using access control software, which allows a particular fob to be instantly disabled if required.
Immediately a policy breach has been detected any relevant user is either removed or reset depending upon the most appropriate action in the circumstances.
A full description of access control can be found in our Data Security Manual.
6.8 Information Security Objectives Our objectives are set out in our business plan and are then disseminated to each department/project for incorporation into their management roles. Each department is responsible for delivering its objectives and this is monitored via individual, appraisals & team meetings. Comtec’s Quality Objectives are as follows:
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 12 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
Objective 1: Existing services - Comtec will continue to deliver its services within a secure environment Objective 2: Development - Comtec will conduct annual risk assessments to ensure that risk to information in the care of Comtec is minimised or eliminated. 6.9 Responsibility, authority and communication
The management structure of Comtec is shown as an organisation chart (see Appendix) the chart shows functional relationships and responsibilities. 6.9.1 Management Representative The Information Security Officer (Phil Reed) is responsible for the maintenance, measurement and review of our Information Security Management System. The Information Security Officer (Phil Reed) will ensure that the processes needed for the Information Security Management System are established, implemented and maintained within Comtec. In addition he will report to SMT about system performance. 6.9.2 Internal Communications Senior management utilise Comtec’s internal communications framework in order to disseminate information about the effectiveness of the Information Security Management System. The Managing Director (Nick Claxson) provides an ISO overview at the quarterly senior team meetings. 6.9.3 Implementation Following the annual audit, results are reviewed by the senior management team. Any non conformities or opportunities for improvement are addressed and an action plan devised. 6.10 Management Review
6.10.1 General Senior Management ensures:
That the ongoing activities of Comtec are reviewed regularly and that any required corrective action is adequately implemented and reviewed to establish an effective preventative process.
Measurement of Comtec’s performance against our declared Information Security Objectives.
That internal audits are conducted regularly to review progress and assist in the improvement of processes & procedures. The reviews are discussed as part of Comtec’s SMT meetings.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 13 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
That employees have the necessary training, support, specifications and equipment to effectively carry out the work.
The senior management team hold planning and review meetings every quarter. Minutes of these are taken and the agenda normally includes an update and discussion around the current work of all departments and services. 6.11 Review Input The quarterly Senior Management Team meetings review the following information:
Risk management and the status of risk assessments
Results of audits
Serious untoward incidents
Status of preventive and corrective actions
Follow up actions from previous management reviews
Changes that could affect policies and procedures (Information Security Management System)
Recommendations for improvements.
6.11.1 Implementation
Meetings are scheduled
A suggested agenda is prepared by the chair
Members invited to add items to the agenda
Agenda is circulated to members
Meetings take place
Actions are defined
Meetings are minuted by a designated staff member
Minutes are approved by Chair
Minutes are circulated amongst members
Completion of actions is reviewed at the next meeting. 6.12 Review Output The Senior Management Team reviews produce the following outputs:
Policies and procedures are updated to make operations more efficient
Operations and services are improved through measurement against targets and actions to improve or rectify specific areas.
Where resources are lacking actions are put in place to rectify this.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 14 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
6.12.1 Implementation
Corrective actions are identified
Targets created
Improvements actioned
Situation re-evaluated at a specified later date.
7 PROVISION OF RESOURCES
Comtec will provide all the resources needed to implement and maintain the Information Security Management System and improve effectiveness of the system. Comtec will also ensure that the resources needed to enhance the satisfaction and requirements of service users, service commissioners and staff are identified and in place through audit and continual review. 7.1 Human Resources General 7.1.1 Competence, Awareness & Training We maintain a detailed Training Matrix demonstrating who has received what training and when. This is kept on the company intranet (sharepoint) for ease of access. 7.2 Infrastructure Comtec’s buildings, workspace, and associated utilities are managed by the Managing Director (Nick Claxson). The procurement and management of hardware, software and supporting services such as communication and information systems are coordinated by the Lead Architect (Phil Reed). We maintain a detailed asset register, including serial numbers, description, location and person to whom assigned. 7.2.1 Implementation Buildings, workspace and associated utilities requirements are regularly reviewed to ensure we make efficient use of office space. Both hardware and software is reviewed on an ongoing basis to ensure that staff are equipped with fit for purpose IT equipment and software. IT systems are maintained and serviced by our own internal engineers in conjunction with our Lead Architect (Phil Reed). Head office prepares and distributes a wide range of information:
Management Accounts
Management & Performance information
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 15 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
Training updates 7.3 Employment Recruitment, performance and termination of employment is handled by our Managing Director (Nick Claxson) in conjunction with department heads. All new starters will be asked to read and sign a copy of our Data Security Policy and if handling client data they must also sign a DBS/CCJ declaration form. A new starter form will then be produced and sent to the NOC department to set up any equipment, access rights, security levels and key fob access. An induction programme has recently been implemented to include an overview of the business, company policies and procedures, ISO requirements and a tour of the building to ensure all health and safety requirements have been covered. All HR information will be securely filed in a lockable cabinet with restricted access. Termination of employment will result if any employee is found guilty of gross misconduct or subject to the 3 stage warning process as set out in the company handbook. Upon termination of employment, contract or agreement all company assets must be returned to the Managing Director (Nick Claxson). Access to the building, servers and any company information will be immediately disabled.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 16 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
M
A
N
A
G
E
M
E
N
T
R
E
V
I
E
W
Continuous Improvement
Document Control Records
Redefine Objectives
Preventive Action
Corrective
Action
ACT
PLAN
CHECK
DO
Appoint Man
Rep & Team
Scope and Policy
Significant Aspects
Legal &
Emergency
Objectives & Documents
Document Control & Records
Document Control & Records
Internal Audit
Test Emergency Response
Check Legal Compliance
Check Programme
Programme
Document
Control &
Records
Operational Control
Procedures
Train & Communicate
Implement Programme
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 17 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
8 RISK ASSESSMENT METHODOLOGY
We have identified the following process as means of conducting regular risk assessments relating to Information Security Issues.
We use a Microsoft word table to collect and analyse the risks identified in the following areas:
Password Policy
Building Security
Data Access
Assets
Threats
Vulnerabilities
Confidentiality
Integrity
Availability
Within each of these areas the risks (if any) are identified together with a rating of 1 to 3 as to the importance of the risk. The associated Impact or severity of the risk is also rated on a scale of 1 to 3. Together with the probable likelihood of the risk occurring.
Following this analysis conclusions are drawn as to what the most appropriate action is together with the estimated cost of implementing action to address the identified issue and an estimate of the cost of ignoring the risk.
9 MEASUREMENT, ANALYSIS & IMPROVEMENT
9.1 Information Security Standards In all Comtec’s services there are a specific set of quality measurements developed to be used to audit each service to enable a purchaser to be assured of the quality of delivery. Service Level Agreements (SLA) are used to identify the areas of a contract that will be measured and monitored. 9.1.1 Implementation We review our performance as part of a continuous review of Management Information. These reports help us to assess whether we are meeting our performance targets and provide us with month on month business performance benchmarking information. Comtec conducts quarterly internal audits with an annual external audit each November.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 18 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
9.2 Internal ISMS Audits The internal audit process is as follows: 9.2.1 Internal Audit Process Flowchart
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 19 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
9.3 Monitoring & Measurement of Processes 9.3.1 Implementation Where the agreed requirements are not met, an action plan clearly detailing compliance will then be agreed with Comtec’s Managing Director (Nick Claxson) with a timescale for compliance set at 6 months. 9.4 Monitoring & Measurement of Service Comtec establishes at the outset of a new service contract the reporting demands within the Service Level Agreement. This process will be supported with the data reports compiled and will enable the review to monitor performance, effectiveness of delivery, contract compliance and potential service developments. Comtec provides full information for this purpose on a quarterly and annual basis. 9.5 Analysis of Data Incident logs are used to record any Information Security incidents or breaches giving cause for concern, and these are regularly assessed during the Management Review process to identify areas for improvement. 9.5.1 Implementation The data is collected by services and submitted to Comtec’s Services Department. Data is monitored by Senior Management. 9.6 Continual Improvement The organisation shall continually improve the effectiveness of the Information Security Management System through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 20 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
9.6.1 Implementation
We review our performance as part of a continuous review of Management Information, service-user/customer feedback and comments. In particular we review our progress against our company information security objectives (business plan aims), with a view to seeing what we can improve and where. The chart below illustrates this process:
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 21 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
9.7 Corrective Action
9.7.1 Complaints Policy Comtec is committed to giving its clients the best possible service, involving them in the planning of their datacenter, and giving them opportunities to air any complaints that they may have on the service we provide. To this end we operate the following procedure: 9.8 Preventative Action Comtec has various processes and procedures in place to ensure that preventative action against nonconformities can be introduced, documented and seen through till completion to address the initial problem. The complex nature of the clients we work with, demands that we have flexible but effective processes and procedures in place. However, Comtec also uses internal and external audits and risk assessments to continuously improve its service delivery, financial, HR and operational functions. 9.9 Improvement
The agenda for the Management Review meetings shall include, but not be limited to:
Follow-up from previous meetings
Review of company ISMS Policy
Review and setting of Information Security Objectives
Review of Incidents / Complaint Logs
Customer Feedback
Audit Results
Staff performance in relation to Information Security handling
Changes that could affect the Information Security Management System
Recommendations to improve the ISMS and their implementation
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 22 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
10 APPENDICES
10.1 Appendix 1 – Organisation Chart
Nick Claxson (Managing Director)
Nick Claxson
Interim Head of Service
Jon Elsey
Power Install Manager
Roy Cole ISX Engineer.
Senior Electrician
Iain Ross ISX Engineer
Electrician
Andy Law
Contracts Manager
Dan Brockwell
Service Desk Manager
Jon Carlier
2nd Line Engineer
Joe Manners
1st Line Engineer
TBC
2nd Line Comms Engineer
David Croft Service Delivery Manager
Graham Taylor
Warehouse & Logistics Manager
Phil Reed Head Of Presales
Geoff Denham
Datacentre Presales Team Leader
TBC
Sales Person
Tariq Darr
Datacentre Specialist
Ian Gregg
Datacentre Specialist
Steven Earwicker
Datacentre Specialist
Andy Holland
Comms Presales Team Leader
TBC
Communications Sales Person
Eddie Desouza Marketing & New Business
New Business Team Leader
Simon Tomlins
Business Development Manager
Duncan Woods
Business Development Manager
Scott Campbell
Business Development Manager
ISMS POLICY DOCUMENT
Comtec, Comtec House, Albert Road North, Reigate, Surrey RH2 9EL Page 23 of 23
ISMS Policy version 1.31 (September 2016) For Issue
Document Version No. 1.31 Updated September 2016
Appendix 2 – List of Controlled Documents
Ref No Name Version Date Associated Documents
0001 D. Robertson 1 23/08/13 Data Security/Risk Assessment/Business Continuity Plan
0002 D. Robertson 1.2 10/11/13 As above
0003 D. Robertson 1.3 27/11/14 As above
0004 N. Claxson 1.31 23/09/16 As above
0005 P.Reed 1.40 28/11/16