Policy Review and Modification

Review and Modification Policy

Grantham University


For the purposes of this policy, electronic resources are defined as all computer-related equipment, software/network applications, interconnecting networks, fax machines, telephone systems, and all information contained therein (collectively, “electronic resources”) owned by Mahtmarg Manufacturing (“the company/the organization”).

Review and Modification Policy

This policy shall outline the procedures and practices for the review and modification of the Mahtmarg Manufacturing ISP.


In an effort to ensure that Mahtmarg Manufacturing continues to operate with best practices as they pertain to information security, the Mahtmarg Information Security Policy (ISP) shall be reviewed semi-annually to determine whether any of the procedures that have been set forth need to be altered, or whether any additions need to be made. During the review, at a minimum, the following topics shall be discussed:

Incidents/Disasters occurred or thwarted

Known threats

Known Vulnerabilities

Risk Assessment

Obsolete practices

If there are any changes to be made to the ISP, please refer to the “Modification Policy” of the ISP.

Modification Policy

As the ISP is a “living document”, there will be instances where protocols and procedures will need to be modified. If any modifications are needed, the following procedure should be followed:

Modifications will only be made after semi-annual reviews unless an emergency protocol must be enacted.

All changes shall be voted on by the ISP committee members:

Information Security Manager

IT Manager

Network Manager



Changes to any of the protocols or procedures will require an amendment.

Amendment proposals must be typed and emailed, with a digital signature attached, to the committee members for discussion and vote.

Change requests shall be logged by the Information Security Manager.

Amendment proposals may be sent back for further detail or changes.

If the vote for the amendment passes, a policy modification form, along with the attached amendment, will need to be approved/signed off by the CISO.

Once approved, the amendment will be added to the policy, the revision will be sent out company-wide by email, and a hard copy will be maintained by the Information Security Manager.