View Policies A - Z

Return to TopI (View Documents A-Z)

• ICT Acceptable Use ProcedureThis procedure is intended to provide a clear statement of responsibilities for all Authorised Users of the Diocese’s ICT Services, including what constitutes acceptable and unacceptable use; and
  express the commitment of the Diocese in maintaining secure, effective, and reliable ICT Services.
• ICT Access Control ProcedureThe purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to set out the procedures to follow to manage rules for access to various systems, equipment, facilities, and information based on business and security requirements for access to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
• ICT Acquisition Development and Maintenance ProcedureThe purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and ensures the security of a system over its entire life cycle to protect information and systems of the Catholic Diocese of Maitland-Newcastle (the Diocese) from unauthorised disclosure, theft, modification, or destruction. 
• ICT Backup ProcedureThe purpose of this procedure is to expand on the Information Security Management Policy (the policy), to ensure recovery mechanisms are in place to help safeguard the information assets of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  The procedure helps prevent the loss of data in case of accidental deletion or corruption, system failure or disaster, and security breaches, as well as permitting timely restoration of information and business processes should such events occur.
  This procedure is also used for the management of secure backup and restoration processes on appropriate backup media.
  
• ICT Change Control ProcedureThe purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to outline the procedures for change control for all systems, equipment, facilities, and information. This is based on business and security requirements to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
• ICT Cryptography Security ProcedureThe purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and set out the procedure to follow to protect the Catholic Diocese of Maitland Newcastle (the Diocese).
• ICT Cyber Incident Response ProcedureThe purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures required for an organised approach to managing cyber incidents within the Catholic Diocese of Maitland-Newcastle (the Diocese).
• ICT Data Classification ProcedureThe purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to establish a systematic approach to managing various types of information that the Catholic Diocese of Maitland-Newcastle (the Diocese) collects, stores, and processes. Implementing a structured method to classify and protect information according to its sensitivity and significance is essential for mitigating any adverse impacts that a data breach could cause to the Diocese and ensure compliance.
• ICT External Vendor System Access ProcedureThe purpose of this procedure is to expand on the related Information Security Policy (the policy) and to set out the procedure to follow to protect the Catholic Diocese of Maitland-Newcastle (The Diocese) and client data when granting and managing The Diocese IT system access for external vendors and contractors and to protect the integrity of the Diocese. 
• ICT Password Security ProcedureThe purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures to follow for secure password management and use to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
• ICT Patch and Vulnerability ProcedureThe purpose of this procedure is to provide guidance on implementing a patch and vulnerability management process to preserve the confidentiality, integrity and availability of the Catholic Diocese of Maitland-Newcastle (the Diocese)’s information, services, and assets.
  
  This procedure sets out a consistent approach for discovering, assessing and mitigating vulnerabilities. The main objective is to reduce potential risk by eliminating discovered vulnerabilities.
• ICT People and Culture Security ProcedureThe purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures to follow for human resource management and to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
• ICT Physical and Environmental Security ProcedureThe purpose of this procedure is to expand on the related Information Security Policy (the policy) and to set out the procedures for Physical and Environmental Security and to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  
  This document is applied to the entire Information Security Management System (ISMS) scope, i.e., to all systems, equipment, facilities, and information used within the ISMS scope.
• ICT Rapid Architecture Assessment ProcedureThis document details the steps for IT Architecture and Security personnel to conduct a rapid architecture assessment of an application. The goal is to ensure that the assessment is thorough yet efficient, allowing it to be completed by a member of the architecture team within approximately one hour. This procedure aims to:
  
  Identify and Mitigate Risks: Quickly identify potential security, compliance, and operational risks associated with new applications and systems.
  
  Ensure Compliance: Verify that the application meets the diocese’s security policies, regulatory requirements, and industry standards.
  
  Facilitate Decision-Making: Provide a structured and consistent approach to evaluating new applications, enabling informed decision-making by IT leadership.
  
  Document Findings: Ensure that all findings and evidence are properly documented and stored for future reference and audits.
  
  Support Efficient Integration: Streamline the assessment process to support the timely integration of new applications into the diocese’s IT environment.
• ICT Removable Media Security ProcedureThe purpose of this procedure is to expand on the related Information Security (the policy) and to set out the procedures to minimise the loss, unauthorised disclosure, modification or removal of sensitive information maintained by the Catholic Diocese of Maitland-Newcastle (the Diocese).
  
  This procedure also seeks to reduce the risk of acquiring malware infections on computers owned or operated by the Diocese, and to protect the integrity of the Diocese.
• ICT Supplier Relationships ProcedureThis Procedure sets out the controls for: Risk Assessment and Agreements and Supplier Service Delivery Management.
• Information Security Management PolicyThis policy provides the governance framework for information management and security within the Diocese and defines all aspects of Information Security. The policy framework is based on the international standard for security management systems – ISO 27001.
• Injury Management Feedback ProcedureThis procedure sets out a framework for obtaining feedback from workers and managers regarding the injury management process to ensure continuous improvement.
  
  Note: This is a private policy document for internal use within the Catholic Diocese of Maitland-Newcastle only.
• Injury Management Internal Audit ProcedureThis procedure sets out a framework for conducting internal injury Managment and Return to Work audits on claims to as a means of identifying areas of strength and potential improvement in the internal management of claims.
  
  
  Note: This is a private policy document for internal use within the Catholic Diocese of Maitland-Newcastle only.