
Doxonomy ISO 27001:2013 Toolkit

Replacing Placeholders Using ABACRE

1 Introduction
Scattered throughout the documents are generic text “placeholders” which require replacing
with titles and other factors specific to your organisation.
For example:
• we don’t know what title you are going to give the manager with overall responsibility
for managing ISO 27001 and achieving information security outcomes - so we have
used the placeholder, “<ISMS Manager>”, as necessary, throughout the template
documents.
You may want to give this person the title “27001 Manager” or “Information Security
Director”, or, if you are a small office based business, 27001 may become a
responsibility of the “Office Manager” or you may have some entirely different title in
mind.
• similarly, we don’t know how many years you intend to keep records for - so we have
used the placeholder “<RRP Years>”, as necessary, throughout the template
documents.
We recommend a minimum of 3 years, but many organisations keep records for
much longer for various reasons.
There are more than a dozen placeholders and many substitutions to be made, so, to make
this step easier, we have set up a conversion process for you which allows all of these
placeholder substitutions to be made in a single step.

2 Deciding on Your Placeholder Substitutions


The Table below lists the placeholders and explains what, in each case, you need to
consider in deciding on what you wish to be substituted in place of each placeholder.
Your Organisation
Placeholder Your data
<Full Name> The full name of your organisation, e.g.
The Belt Test Centre Plc
<Short Name> The “short” name for your organisation, e.g.
TBTC

Key Management Roles


Placeholder Your data
<Senior Management Team> The “Senior Management Team” is the term we use for what
27001 refers to as “Top Management”. ISO defines Top
Management as:
Person or group of people, who directs and controls an
organisation at the highest level.

Doxonomy ISO 14001:2015 Toolkit Page 1 of 8


Note:
• top management has the power to delegate authority and
provide resources within the organisation
• if the scope of the management system covers only part of an
organisation, then top management refers to those who direct
and control that part of the organisation
For example, in a company it might be the “Board” or “The
Executive”, in a partnership it might be the “Partners”, in a
charity it might be the “Council” and so on.
<ISMS Manager> The “ISMS Manager” is the manager who has responsibility and
authority for all aspects of your 27001 EMS.
While it is quite possible, and in larger organisations may be
necessary, for various aspects of the role to be undertaken by a
different manager, we have assumed in the template documents
that all responsibilities are taken by a single manager, whom we
have termed “ISMS Manager”. It is important to note that, while
the “ISMS Manager” carries these responsibilities, they may
formally delegate some responsibilities to others in the
organisation whilst retaining overall control / responsibility.
In small to medium organisations the role of “ISMS Manager”
may well be combined with other roles (so long as they retain
sufficient time / resource / independence to undertake their
27001 related responsibilities and that their independence is not
compromised). For example, in an office environment both
information security and health and safety might be
responsibilities of the “Office Manager” and in that case you
would just use the title of “Office Manager”.
Further down this table other management titles are used for
those responsible for subsidiary functions, such as “Audit
Manager” and “Document Controller”. Again, and particularly in a
small to medium organisation, you may choose to also make
these direct responsibilities of the “ISMS Manager” – or not, it is
up to you!

Other Manager / Departmental Roles


Placeholder Your data
<Audit Manager> The <Audit Manager> is responsible for the implementation and
management of the Control of Internal Audit procedure.
In small to medium organisations these responsibilities are often
assigned to the “ISMS Manager”, and in that case simply use the
title you have assigned to the “ISMS Manager” above.

<Document Controller> The <Document Controller> is responsible for the implementation
and management of the Control of Documentation Procedure.
In small to medium organisations these responsibilities are often
assigned to the “Office Manager” or similar.

<Facilities Manager> The title of the manager responsible for your infrastructure,
cabling, heating, lighting, physical security etc.
<HR Manager> The <HR Manager> has a range of documented responsibilities
including the implementation and management of The Control of
Competency Procedure.
In a small to medium organisation there may not be an “HR
Manager” as those responsibilities may be bundled with others,
for example in a small office the responsibilities may fall to the
“Office Manager” or similar.
Where you refer to “HR” as “Personnel” you may want to use the
title “Personnel Manager” or similar. It is up to you.
<Purchasing Manager> The <Purchasing Manager> has responsibility for deciding which
suppliers, if any, meet your information security control
requirements, and whether they should be audited against any
information security requirements that you place on your
purchases.
<Records Manager> The <Records Manager> is responsible for the implementation
and management of the Control of Records Procedure.
In small to medium organisations these responsibilities are often
assigned to the “Office Manager” or similar.

<IT Services> The name you give your department which oversees IT
infrastructure and activities.
Note that the usage of this placeholder doesn’t include the
implied prefix “the”; for example, the text provided would say
“apply to <IT Services>” and not “apply to the <IT Services>”.
So if you want to call this the “IT Department” or similar, use “the
IT Department” in place of the placeholder, whereas if you want
to use “IT Services”, or similar, then you do not need to include
“the” as a prefix in the substitution.

<IT Manager> The <IT Manager> is the manager of the <IT Department>.

<IT Service Desk> The <IT Help Desk> is the name you give the contact point
between the <IT Department> and users.

Other Substitutions
Placeholder Your data
<Days to Induction> The maximum number of days a new employee has to wait to
formally undergo induction training.
We recommend this should be no more than 14.
<ERR Months> The minimum number of months an employee’s records are
retained after they cease to be employed.
We recommend a minimum of 24.
<MRM Months> The maximum number of months between Management Review
Meetings.
<RRP Years> The minimum record retention period in years.
We recommend 3.



<TNA Months> The maximum number of months between training needs
analyses.
We recommend 12.

3 Replacing the Placeholders


You can of course make these substitutions manually, simply by opening each file in
the Documents folder in turn and using the Find and Replace functions within Word.
However, there are almost 200 of them, so we offer an easier method!
We recommend that you download, install as instructed and use the ABACRE “Advanced
Find and Replace” utility which you can download here. This is an evaluation copy that you
can use free for 21 days!

4 Setting up Advanced Find and Replace


Once installed, launch AFR and configure it as follows:
Under “Search in”, select “Folders”:

Under “Mask”, select “MS Office Files”:



Under “Search Path”, click “Browse” and set the location to the folder containing your
downloaded template documents:

Next, click on the “Batch Replace” tab:



And then click on the “Import values from file” icon:

Select the “27001 Placeholders” file from the ABACRE folder and its contents should then be
displayed in the left hand column of the window below, like this:



For each placeholder displayed, enter the term you wish to replace it with in the right hand
“Replace with” column, for example:

Having completed the data, check the “Case Sensitive” box and “Whole Word Options” box
and ensure that the “Confirm before replace” box is unchecked:



Finally, just click “Execute” to have the tool make the placeholder substitutions!
This is not a speedy program, so it will take some time to go through the files, but you will
be able to see that it is working as the “Execute” button will change to “Pause” and the tool
will list the files as it processes them.
When the process is complete the “Pause” button will revert to “Execute” and you are done.
Remember, if you make a mistake you can always download the files again and start over.
Sadly, we cannot provide support for Advanced Find and Replace; for that you should
contact them direct at support@abacre.com
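
A check that can follow the batch replace, added here as an example and not part of the toolkit or of ABACRE: it lists any placeholder still present in a template, including headers and footers. It assumes the templates are .docx files and that every placeholder is a capitalised phrase in angle brackets, as in the table in section 2; the function names and the sample document are constructed for illustration.

```python
import html
import io
import re
import zipfile

TAG = re.compile(r"<[^>]+>")                       # real XML markup
PLACEHOLDER = re.compile(r"<[A-Z][A-Za-z0-9 ]*>")  # e.g. <ISMS Manager>, <RRP Years>


def part_text(xml: str) -> str:
    """Strip markup first, so a placeholder split across Word runs is rejoined,
    then unescape &lt; / &gt; back into the angle brackets the reader sees."""
    return html.unescape(TAG.sub("", xml))


def leftover_placeholders(docx_file) -> dict:
    """Map each XML part under word/ (body, headers, footers) to the
    placeholders still present in it. Accepts a path or a file object."""
    found = {}
    with zipfile.ZipFile(docx_file) as zf:
        for name in zf.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                text = part_text(zf.read(name).decode("utf-8"))
                hits = sorted(set(PLACEHOLDER.findall(text)))
                if hits:
                    found[name] = hits
    return found


def build_sample() -> io.BytesIO:
    """Constructed sample: one title already replaced, one placeholder split
    across three runs in the body, one placeholder left in a header."""
    body = ("<w:document><w:p><w:r><w:t>The Office Manager keeps records for "
            "</w:t></w:r><w:r><w:t>&lt;RRP </w:t></w:r><w:r><w:t>Years&gt;"
            "</w:t></w:r><w:r><w:t> years.</w:t></w:r></w:p></w:document>")
    header = "<w:hdr><w:p><w:r><w:t>&lt;Short Name&gt; ISMS</w:t></w:r></w:p></w:hdr>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", body)
        zf.writestr("word/header1.xml", header)
        zf.writestr("docProps/app.xml", "<Properties/>")  # outside word/, not scanned
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for part, hits in leftover_placeholders(build_sample()).items():
        print(part, hits)
```

An empty result for every file in the Documents folder means no text of that shape remains; any hit names the part of the file to open and correct by hand.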

