Scribd
Upload
18 views5 pages

Document Control Procedure

The Document Control Procedure outlines the systematic measures for creating, reviewing, approving, distributing, and revising documented information within the organization. It emphasizes the importance of documented information for communication, compliance, and accountability, while detailing processes for document management, storage, and disposal. The procedure also specifies retention periods for various document types and the protocols for handling documents of external origin.

Uploaded by

Ibrahim Salama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views5 pages

Document Control Procedure

The Document Control Procedure outlines the systematic measures for creating, reviewing, approving, distributing, and revising documented information within the organization. It emphasizes the importance of documented information for communication, compliance, and accountability, while detailing processes for document management, storage, and disposal. The procedure also specifies retention periods for various document types and the protocols for handling documents of external origin.

Uploaded by

Ibrahim Salama
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

DOCUMENT CONTROL PROCEDURE

Document Name: Document Control Procedure

Current Version: V1.0

Prepared by: Shuila Mohd Shahid


Signature:
Approved by: Barry Chai
Signature:
Last Updated: 22nd Feb 2024

Confidentiality Level Confidential


TABLE OF CONTENT

REVISION HISTORY ................................................................................................................. 2


1.0. INTRODUCTION ................................................................................................................ 3
2.0. DOCUMENT CONTROL PROCEDURE ............................................................................ 3
2.1. OVERVIEW ................................................................................................................... 3
2.2. CREATION OF DOCUMENTS ..................................................................................... 3
2.2.1. NAMING AND VERSIONING .............................................................................. 3
2.3. DOCUMENT OF EXTERNAL ORIGIN ......................................................................... 3
2.4. DOCUMENT REVIEW AND APPROVAL .................................................................... 4
2.5. COMMUNICATION AND DISTRIBUTION ................................................................... 4
2.6. ARCHIVAL OF DOCUMENTS ..................................................................................... 4
2.7. DISPOSAL OF DOCUMENTS ..................................................................................... 4

REVISION HISTORY
Version Date of Change Prepared by Approved Summary of Change
by
Draft 22nd Feb 2024 Shuila Barry Chai 1st Baseline

Update the documentation


storage location from google
V1.0 01st October 2024 Shuila Barry Chai
drive to Microsoft team
SharePoint
1.0. INTRODUCTION
Documented information refers to recorded data and evidence, including written documents
and electronic records, that provide proof of processes, activities, and outcomes within an
organisation. This encompasses a wide range of materials such as policies, procedures,
manuals, forms, reports, specifications, and other documentation used to plan, execute, and
evaluate operations. Documented information serves as a means of communication, ensuring
consistency, transparency, and accountability within the organisation, as well as facilitating
compliance with standards and regulations.

2.0. DOCUMENT CONTROL PROCEDURE


This procedure outlines systematic measures for the creation, review, approval, distribution,
and revision of documented information, safeguarding it against unauthorised access, loss, or
misuse.

2.1. OVERVIEW
The overall process of control for documents is shown in diagram below:

2.2. CREATION OF DOCUMENTS

2.2.1. NAMING AND VERSIONING


The convention for the naming of documents within the ISMS and CMMI is use
to follow the Configuration Item Management reference (location: CI Master
List - TimeTec R&D)

2.3. DOCUMENT OF EXTERNAL ORIGIN


Documents that origin outside the organisation such as the standards, laws and
regulation will be listed in Standards, Laws & Regulations Master List (location: 02.
Standards_Laws_Regulations Master List.docx)
2.4. DOCUMENT REVIEW, APPROVAL AND COMMUNICATION
Draft documents will be reviewed by a level and appropriate staff related to the
document content and subject. All documents must get the approval to ensure the
contents are correct and follow the standard guideline. Guideline are as below:

Document Reviewer Reviewer / Communication


Type Approver and Distribution

Policy Compliance & Process CTO All staff


Manager

Procedure Compliance & Process CTO R&D staff


Manager

Plan IT Operator / Compliance CTO R&D staff


& Process Manager

ISMS Records IT Operator / Compliance CTO ISMS team


& Process Manager

Project Team Lead / Project Project Manager Stakeholders


Documentation Manager / CTO

2.5. DOCUMENT REVIEW AND MAINTENANCE


All documents must be stored electronically or in hardcopy format. R&D departments
are not allowed to print out the PII data except with approval from the CTO or Human
Resources Department. The hardcopy content data privacy or sensitive data shall be
stored in the control area.

The ISMS documents are stored in Microsoft Team SharePoint (ISMS Team - ISMS
ISO 27001 Drive (TimeTec Cloud) - All Documents (sharepoint.com)) which all
appropriate staff can access based on the access rights and roles and responsibility.

The CMMI documents are stored in Microsoft Team SharePoint (CMMI Team -
Documents - All Documents (sharepoint.com)) which all appropriate staff can access
based on the access rights and roles and responsibility.

All company policies, procedure or plan which need communicate with all staff shall
store in TimeTec HR Central (TimeTec Employee Training Program (fingertec.com))

2.6. ARCHIVAL OF DOCUMENTS


2.6.1. RETENTION PERIOD
Policy/Guideline Retention Period Notes/References

7 years after Applicable laws and


Security Policies
superseded/retired regulations

Security Guidelines 3-5 years Frequency of updates

Applicable laws and


Incident Response Plans 7 years after creation
regulations

Applicable laws and


Access Control Policies 7 years
regulations

2.7. DISPOSAL OF DOCUMENTS


Paper copies of documents to be disposed should follow our Information Asset
Registry Guideline.

You might also like