re-org of 9.4

git-svn-id: 14b1bab8-4ef6-0310-b690-991c95c89dfd
Ian Grigg 14 years ago
parent 9b193892b4
commit 0d587d969a

@ -48,6 +48,7 @@ a:hover {
<body lang="en-GB">
<ul class="change">
<li> 20100424: tidied up 9.4 </li>
<li> 20100422: added 9.3.2 notification requirement. </li>
<li> 20100421: reviewed and dropped the BLUE changes that introduced AE, etc. </li>
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board. </li>
@ -213,7 +214,7 @@ This policy document says what is done, rather than how to do it.
This Policy explicitly defers detailed security practices to the
<a href="">Security Manual</a>
<a href="">Security Manual</a>
The SM says how things are done.
As practices are things that vary from time to time,
@ -244,7 +245,7 @@ explicitly defer single, cohesive components of the
security practices into separate procedures documents.
Each procedure should be managed in a wiki page under
their control, probably at
<a href="">
<a href="">
Each procedure must be referenced explicitly in the Security Manual.
@ -1351,12 +1352,11 @@ and becomes your authority to act.
Components may be outsourced.
<span class="strike">
Team leaders may outsource non-critical components
on notifying the Board.
Critical components must be approved by the Board.
Any outsourcing arrangements must be documented.
All arrangements must be:
@ -1386,9 +1386,11 @@ All arrangements must be:
Contracts should be written with the above in mind.
<span class="change">
Outsourcing of critical components must be approved by the Board.
<h3 id="s9.5">9.5 Confidentiality, Secrecy </h3>