View Policies A - Z

Know the name of the document you are looking for?

Find your document using the following list of all policies, procedures and guidelines.  You can jump to the relevant part of the list by clicking a letter in the Index below.  Each document has a "view summary descriptions" link beside it to help you determine if the document is the one you are after.

Don't know the name of the document you are looking for?

If you don't know the name of the document you are looking for, use the dedicated Search Engine instead. You can do a full text search or use filters such as document type, target audience, and keyword.

I

  • ICT Acceptable Use Procedure
    This procedure is intended to provide a clear statement of responsibilities for all Authorised Users of the Diocese’s ICT Services, including what constitutes acceptable and unacceptable use; and express the commitment of the Diocese in maintaining secure, effective, and reliable ICT Services.
  • ICT Access Control Procedure
    The purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to set out the procedures to follow to manage rules for access to various systems, equipment, facilities, and information based on business and security requirements for access to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Acquisition Development and Maintenance Procedure
    The purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to ensure the security of a system over its entire life cycle to protect information and systems of the Catholic Diocese of Maitland-Newcastle (the Diocese) from unauthorised disclosure, theft, modification, or destruction.
  • ICT Backup Procedure
    The purpose of this procedure is to expand on the Information Security Management Policy (the policy), to ensure recovery mechanisms are in place to help safeguard the information assets of the Catholic Diocese of Maitland-Newcastle (the Diocese).
    The procedure helps prevent the loss of data in case of accidental deletion or corruption, system failure or disaster, and security breaches, as well as permitting timely restoration of information and business processes should such events occur.
    This procedure is also used for the management of secure backup and restoration processes on appropriate backup media.
  • ICT Change Control Procedure
    The purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to outline the procedures for change control for all systems, equipment, facilities, and information. This is based on business and security requirements to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Cryptography Security Procedure
    The purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and set out the procedure to follow to protect the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Cyber Incident Response Procedure
    The purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures required for an organised approach to managing cyber incidents within the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Data Classification Procedure
    The purpose of this procedure is to expand on the Information Security Management System Policy (the policy) and to establish a systematic approach to managing various types of information that the Catholic Diocese of Maitland-Newcastle (the Diocese) collects, stores, and processes. Implementing a structured method to classify and protect information according to its sensitivity and significance is essential for mitigating any adverse impacts that a data breach could cause to the Diocese and for ensuring compliance.
  • ICT External Vendor System Access Procedure
    The purpose of this procedure is to expand on the related Information Security Policy (the policy) and to set out the procedure to follow to protect the Catholic Diocese of Maitland-Newcastle (the Diocese) and client data when granting and managing the Diocese IT system access for external vendors and contractors and to protect the integrity of the Diocese.
  • ICT Password Security Procedure
    The purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures to follow for secure password management and use to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Patch and Vulnerability Procedure
    The purpose of this procedure is to provide guidance on implementing a patch and vulnerability management process to preserve the confidentiality, integrity and availability of the Catholic Diocese of Maitland-Newcastle (the Diocese)’s information, services, and assets.

    This procedure sets out a consistent approach for discovering, assessing and mitigating vulnerabilities. The main objective is to reduce potential risk by eliminating discovered vulnerabilities.
  • ICT People and Culture Security Procedure
    The purpose of this procedure is to expand on the related Information Security Management System Policy (the policy) and to set out the procedures to follow for human resource management and to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).
  • ICT Physical and Environmental Security Procedure
    The purpose of this procedure is to expand on the related Information Security Policy (the policy) and to set out the procedures for Physical and Environmental Security and to protect the integrity of the Catholic Diocese of Maitland-Newcastle (the Diocese).

    This document is applied to the entire Information Security Management System (ISMS) scope, i.e., to all systems, equipment, facilities, and information used within the ISMS scope.
  • ICT Rapid Architecture Assessment Procedure
    This document details the steps for IT Architecture and Security personnel to conduct a rapid architecture assessment of an application. The goal is to ensure that the assessment is thorough yet efficient, allowing it to be completed by a member of the architecture team within approximately one hour. This procedure aims to:

    Identify and Mitigate Risks: Quickly identify potential security, compliance, and operational risks associated with new applications and systems.

    Ensure Compliance: Verify that the application meets the diocese’s security policies, regulatory requirements, and industry standards.

    Facilitate Decision-Making: Provide a structured and consistent approach to evaluating new applications, enabling informed decision-making by IT leadership.

    Document Findings: Ensure that all findings and evidence are properly documented and stored for future reference and audits.

    Support Efficient Integration: Streamline the assessment process to support the timely integration of new applications into the diocese’s IT environment.
  • ICT Removable Media Security Procedure
    The purpose of this procedure is to expand on the related Information Security (the policy) and to set out the procedures to minimise the loss, unauthorised disclosure, modification or removal of sensitive information maintained by the Catholic Diocese of Maitland-Newcastle (the Diocese).

    This procedure also seeks to reduce the risk of acquiring malware infections on computers owned or operated by the Diocese, and to protect the integrity of the Diocese.
  • ICT Supplier Relationships Procedure
    This Procedure sets out the controls for: Risk Assessment and Agreements and Supplier Service Delivery Management.
  • Information and Records Management Disposal and Destruction Procedure
    This procedure ensures the effective management of records within the Catholic Diocese of Maitland-Newcastle (the Diocese) by establishing steps for the lawful and systematic disposal of records that meet specific conditions.
    Following this procedure will help to maintain compliance, protect sensitive information, optimise storage resources and minimise risks associated with data breaches.
    Certain conditions specify whether records are considered temporary (can be destroyed after their minimum retention period is met) or permanent (i.e. ongoing value to the Diocese, to be stored as a Diocesan Archive when no longer required for use).
  • Information and Records Management Policy
    The policy, along with related Information and Records Management (IRM) procedures and guidelines, establishes a comprehensive framework for effective management of information and records. It provides clear guidance on compliance and best practices for workers.
    IRM practices are implemented to address the business needs of the Diocese as well as stakeholder expectations. Compliance includes, but is not limited to, adherence to Canon Law, the Archives Act 1983, the Privacy Act 1988, the Health Records and Information Privacy Act 2002, the Evidence Act 1995, the Electronic Transactions Act 2000, and any applicable Bishop's Decree.
    These obligations form an integrated framework that upholds a secure, efficient, and legally compliant environment, grounded in the principles of integrity, accountability, and the values of the Gospel.
  • Information and Records Management Procedure
    To enable workers at the Catholic Diocese of Maitland-Newcastle (the Diocese) to develop and implement effective processes for managing Diocesan records and information throughout their entire lifecycle. This ensures compliance, security and accessibility of all records.
    This procedure must be read in conjunction with the Information and Records Management (IRM) Policy and its supporting procedures.
  • Information Security Management Policy
    This policy provides the governance framework for information management and security within the Diocese and defines all aspects of Information Security. The policy framework is based on the international standard for security management systems – ISO 27001.
  • Injury Management Feedback Procedure
    This procedure sets out a framework for obtaining feedback from workers and managers regarding the injury management process to ensure continuous improvement.

    Note: This is a private policy document for internal use within the Catholic Diocese of Maitland-Newcastle only.
  • Injury Management Internal Audit Procedure
    This procedure sets out a framework for conducting internal Injury Management and Return to Work audits on claims as a means of identifying areas of strength and potential improvement in the internal management of claims.

    Note: This is a private policy document for internal use within the Catholic Diocese of Maitland-Newcastle only.
  • IRM Assessment Business Systems Guidelines
    This guideline provides a systematic, efficient, and risk-focused method for evaluating the information management capabilities of business systems, ensuring they meet organisational needs, enhance operational efficiency, and mitigate potential risks. It is consistent with Part 1 of ISO 16175 - Information and Documentation — Processes and functional requirements for software for managing records.
  • IRM Best Practice Guidelines
    The purpose of this guideline is to provide comprehensive information to workers of the Catholic Diocese of Maitland-Newcastle (the Diocese) to ensure they effectively manage Diocesan records and information assets.
    It is crucial to understand how to properly manage these resources to ensure best practice, enhance efficiency, and preserve the rich heritage of the Diocese.
  • IRM Digitising Information Guidelines
    The purpose of this guideline is to highlight the vital role of digitising information within the Catholic Diocese of Maitland-Newcastle (the Diocese). This initiative is crucial for aligning with the Shared Service Strategic Plan and propelling digital transformation forward. In today's technology-driven world, efficient information and records management boosts operational efficiency, strengthens community engagement, and ensures responsiveness to the evolving needs of Diocesan Community members. By prioritising digitisation, the Diocese commits to becoming more agile and innovative, respecting its heritage while embracing a future guided by data-driven decisions.
  • IRM Physical Storage of Records Guidelines
    The aim of this procedure is to reduce the risk of damage to physical records due to improper storage.
    Proper records storage is crucial for effective records management, ensuring the integrity, confidentiality, and accessibility of records.
    This procedure also ensures compliance with relevant regulations and guarantees that records remain intact for as long as they are needed for business and accountability purposes.
    The procedure is designed to:
    • Establish requirements for the safe storage and preservation of non-digital records
    • Ensure all non-digital records are protected, secure and accessible for as long as they are required to meet business and accountability needs and community expectations
    • Ensure storage practices are cost-effective while embodying best practice standards.
  • IRM Preparing Records For Offsite Storage Guidelines
    The purpose of this guideline is to ensure the efficient, accurate and safe preparation of records belonging to the Catholic Diocese of Maitland-Newcastle (the Diocese) for off-site storage. By following this procedure, records will be organised to enhance quick access and ensure their long-term protection and safe handling.
  • IRM Titling Conventions Guidelines
    The purpose of this Titling Convention Guideline is to establish clear and consistent standards for the naming of records within the Catholic Diocese of Maitland-Newcastle (the Diocese). By adhering to these conventions, we aim to enhance the Diocese’s retrieval and management of records, ultimately improving efficiency and reducing the risk of errors.