Appendix B: Versioning, version 1.0.0

(District/Organization) Information Security Policy Version

The (District/Organization) Information Security Policy contains versioning information to assist the owner and reader to ensure that the policy being maintained and/or read is the most current version of the document.

The (District/Organization) Information Security Policy version number consists of three numbers separated by a period (“.”). The format is X.Y.Z as noted below.

X = Major Policy Manual Version Number

The Major Policy Version Number notes all major revisions and certain reviews of the Information Security Policy. The Major Policy Version Number will increment by one in the following circumstances:

  • Major revisions of the (District/Organization) Information Security Policy, which include:
    • The addition of a new policy to the manual
    • The removal of a policy from the manual
    • The renaming of a policy within the manual
  • Certain reviews. The major revision number will increment by one upon the annual review of the Policy by the Security Committee, ONLY if the Minor Version number requires a reset to zero. The Minor Version number requires a reset to zero if the Minor Version number is two (or more) digits in length.

Whenever the Major Policy Version Number is incremented, all other version numbers (Minor and Non-Material) are reset to zero.

Y = Minor Policy Version Number

The Minor Policy Version Number increments by one each time there is a major revision to a policy within the (District/Organization) Information Security (See “X = Major Policy Version Number” below).

The Minor Policy Version Number will also increment by one each time the Non-Material Policy Version Number is two (or more) digits in length. When this occurs, the Minor Policy Version Number increments by one, and the Non-Material Policy Version Number resets to zero. This versioning can take place outside of the annual Security Committee review.

Z = Non-Material Policy Version Number

The Non-Material Policy Version Number will increment by one each time there is:

  • An insignificant change to the (District/Organization) Information Security Policy. Insignificant changes are those that do not materially change the policy manual. The most common examples of an insignificant revision are punctuation and spelling changes.
  • A minor revision to a policy within the Information Security Policy (See “Y = Minor Policy Version Number” below).

Examples

Example #1 – Addition of a new policy.

When the new information policy has been approved by the Security Committee and is to be added to the (District/Organization) Information Security Policy Manual, the following versioning takes place:

  • The newly approved policy is assigned a Major Policy Version Number of “1”, and a version of 1.0.0.  Policies only receive a version number once they are approved by the ISLOC.
  • The addition of a new policy to the (District/Organization) Information Security Policy Manual is noted as a Major Policy Manual Version change. If the (District/Organization) Information Security Policy Manual was 1.0.4 at the time of the addition, the new manual version number would be 2.0.0.

Example #2 – Addition of a policy statement to an existing information security policy.

The following versioning takes place:

  • The Major Policy Version Number is incremented by one. If the version of the policy was 1.1.3, the new policy version would be 2.0.0.
  • The Minor Policy Manual Version Number is incremented by one. If the version of the FRSecure Information Security Policy Manual was 1.1.8, the new version would become 1.2.0.

Example #3 – Change to an existing information security policy statement.

The following versioning takes place:

  • The Minor Policy Version Number is incremented by one.
  • The Non-Material Policy Manual Version Number is incremented by one.

If the (District/Organization) Information Security Policy Manual Version Number was 2.5.7 prior to the change, and the Information Security Policy Version Number was 1.3.6, the new version numbers would become:

  • Information Security Policy Version Number – 1.4.0
  • (District/Organization) Information Security Policy Manual Version Number – 2.5.8

Download Appendix B: Versioning document