1 Introduction
Scattered throughout the documents are generic text “placeholders” which require replacing
with titles and other factors specific to your organisation.
For example:
We don’t know what title you are going to give the manager with overall responsibility
for managing ISO 27001 and achieving information security outcomes - so we have
used the placeholder “<ISMS Manager>”, as necessary, throughout the template
documents.
You may want to give this person the title “27001 Manager” or “Information Security
Director”, or, if you are a small office-based business, 27001 may become a
responsibility of the “Office Manager”, or you may have some entirely different title in
mind.
Similarly, we don’t know how many years you intend to keep records for - so we have
used the placeholder “<RRP Years>”, as necessary, throughout the template
documents.
We recommend a minimum of 3 years, but many organisations keep records for
much longer for various reasons.
There are more than a dozen placeholders and many substitutions to be made, so, to make
this step easier, we have set up a conversion process for you which allows all of these
placeholder substitutions to be made in a single step.
<Facilities Manager> The title of the manager responsible for your infrastructure,
cabling, heating, lighting, physical security etc.
Doxonomy ISO 14001:2015 Toolkit Page 2 of 8
<HR Manager> The <HR Manager> has a range of documented responsibilities
including the implementation and management of The Control of
Competency Procedure.
In a small to medium organisation there may not be an “HR
Manager” as those responsibilities may be bundled with others,
for example in a small office the responsibilities may fall to the
“Office Manager” or similar.
Where you refer to “HR” as “Personnel” you may want to use the
title “Personnel Manager” or similar. It is up to you.
<Purchasing Manager> The <Purchasing Manager> has responsibility for deciding which
suppliers, if any, meet your information security control
requirements, and whether they should be audited against any
information security requirements that you place on your
purchases.
<Records Manager> The <Records Manager> is responsible for the implementation
and management of the Control of Records Procedure.
In small to medium organisations these responsibilities are often
assigned to the “Office Manager” or similar.
<IT Services> The name you give your department which oversees IT
infrastructure and activities.
Note that the usage of this placeholder doesn’t include the
implied prefix “the”; for example, the text provided would say
“apply to <IT Services>” and not “apply to the <IT Services>”.
So if you want to call this the “IT Department” or similar, use “the
IT Department” in place of the placeholder, whereas if you want
to use “IT Services”, or similar, then you do not need to include
“the” as a prefix in the substitution.
<IT Manager> The <IT Manager> is the manager of the <IT Department>.
<IT Service Desk> The <IT Help Desk> is the name you give the contact point
between the <IT Department> and users.
Other Substitutions
Placeholder Your data
<Days to Induction> The maximum number of days a new employee has to wait to
formally undergo induction training.
We recommend this should be no more than 14.
<ERR Months> The minimum number of months an employee’s records are
retained after they cease to be employed.
We recommend a minimum of 24.
<MRM Months> The maximum number of months between Management Review
Meetings.
<RRP Years> The minimum record retention period in years.
We recommend 3.
Select the “27001 Placeholders” file from the ABACRE folder and its contents should then be
displayed in the left-hand column of the window below, like this:
Having completed the data, check the “Case Sensitive” box and “Whole Word Options” box
and ensure that the “Confirm before replace” box is unchecked: