© Distributed by Resilify.io under a Creative Commons Share Alike License.
Project Management Policy
Version Control
Owner | Version | Edited By | Date | Change History
IS Rep | 0.1 | Assent | 22/03/2017 | First Draft
Distribution
Held By | Format | Location | Comments
 | Digital / Physical | |
Status
X | Status | Approved By | Date
X | Working | | DD/MM/YYYY
 | Draft | |
 | Provisional Approval | |
 | Publication | |
Classification
X Confidential
Restricted
Unclassified
Relevance to Standard
License
Project Management Policy
1.0 Overview
From time to time the organization may be required to run formal projects. This
policy sets out the overarching project management approach including
consideration of Information Security Aspects of Projects.
2.0 Policy
An activity will be deemed a project where the following criteria are met:
2.3 Project Initiation Document
When the business case has been approved, a project manager should be
designated. This may be an additional role for an existing staff member, a
dedicated member of staff or an external third party.
The project manager should engage with all relevant parties to expand the
business case and produce a project initiation document.
The risk register should consider any changes that could affect information
security at all stages of the project, and within the deliverables.
The project risk log should include mitigating controls, including those from
ISO 27001 Annex A.
All staff affected by project risks should be made aware of the associated
controls, including when they are to be effective, regardless of whether
they are part of the project team or not.
2.5 Project Planning
The high-level project plan and key milestones will be expanded by the
project manager, working with relevant stakeholders at each stage.
2.6 Communication
When all the identified deliverables have been met, or justifiably changed,
the project manager will close the project by passing all relevant
documentation to the operational team responsible for business as usual.