03. Healthsafe IT Resource Request Policy






IT RESOURCE REQUEST POLICY







Document Identification 

HSNZ/POL/03

Document Name

IT Resource Request Policy

Master Copy

CISO

Version Number

1.3

Date Of Release 

15 Aug 2023

Prepared By

Eparama Tuibenau

CISO

Approved by

Kevin McAfee

Managing Director



 

 


VERSION HISTORY


Sl No

Version No.

Prepared by

Approved by

Description of Version

Date

Reason for Version Change

From

To

1

1.0

-

CISO

MD

First Release

14 Apr 2020 

No changes made

1

1.0

1.1

CISO

MD

Updated

21 Jun 2021 

Modifications due to changes in HealthSafe

1

1.1

1.2

CISO

MD

Reviewed

23 Jul 2022 

Annual review

1

1.2

1.3

CISO

MD

Reviewed

15 Aug 2023

Annual review


DOCUMENT STATUS


Date

Document Status

14 Apr 2020

Modified

21 Jun 2021

Reviewed

23 Jul 2022

Reviewed

15 Aug 2023

Current


Table of Contents

  1. Purpose
  2. Scope
  3. Abbreviations, Acronyms and Definitions
  4. Input
  5. Output
  6. Interacting Process
  7. Procedure
  8. Monitoring the Process
  9. Records






1. PURPOSE


The purpose of this document is to establish and maintain a policy for IT resource requests for HealthSafe NZ.


2. SCOPE


These procedures apply to all aspects of IT Resource Requests


3. ABBREVIATIONS, ACRONYMS AND DEFINITIONS


Abbreviation

Description

IT

Information Technology Department

TL/PM

Team Lead / Project Manager

CISO

Chief Information Security Officer


4 INPUT


  • Resource Requests from the User logged with CISO
  • Type of Requests: Computer Resource, Repository Access, Software Access
  • Approval from CISOH through CRM (HubSpot)

5 OUTPUT


Provisioning the required resources

6 INTERACTING PROCESS


User, TL/PM/CISO/FH


7 PROCEDURE


  1. If the nature of the requests are related to providing access or updating access in the source code repositories, the Software/Repository Access Request Form is duly filled by the relevant team member.  The access permission is either updated if it’s an existing user or shared via LastPass if it is a brand new user account. 
  2. If the nature of user requests are related to upgrading or replacing computers or software procurement, the Software/Hardware Requisition Form is duly filled by the relevant team member. On receipt of the new hardware or software, the list of software license documents should be updated including the asset register. The timelines of the resolution will be communicated to the user(s), TL/PM via email.

8 MONITORING THE PROCESS


Necessary requests forms are approved by CISO and in some cases CEO or Director.


9 RECORDS


  • Software/Repository Access Request Form
  • Software/Hardware Requisition Form