Professional Documents
Culture Documents
Checklist of ISO 22301 Mandatory Documentation
Checklist of ISO 22301 Mandatory Documentation
CORPORATE MANUAL
People
We pledge to continuously monitor our governance system to
ensure compliance with basic human rights within our
organization and with those whom we interact - UN Global
Compact Principles 1-6
Planet
We pledge to reduce the negative impact of our business on the
environment, meet or exceed regulatory requirements and
continuously seek to improve our process to achieve higher
standards – UN Global Compact Principles 7-9
Profit
We apply a zero tolerance approach with respect to corruption,
extortion and bribery. We will continuously identify ways of
maximizing the positive impact of our business operations where
we have special skills, products or services to make a difference
in the communities where we live and work – UN Global
Compact Principle 10
REVISION HISTORY
QM000001’s issue/revision was 0 to 2.1, while last version was dated 98 Jan 31.
QM000002’s issue/revision was 0 to 3.1, while last version was dated 02 Aug 26.
QM000003’s issue/revision was 0 to 1.2, while last version was dated 06 Jan 20.
Iss. Rev. Description Page Effective Date
0 Initial draft All (38) 07 Jul 12
1.0 First Release: ISO 27001:2005 (RL + RM) All (62) 07 Sep 10
1.1 ISMS Policy, ‘Restricted’ & compliance All (62) 07 Nov 19
1.2 Scope, new stations 12-14 08 Jan 22
1.3 Mission, Vision 8-10 08 Jul 07
1.4 Review ISMS Policy 45-63 08 Aug 20
1.5 Privacy Policy; Wireless; ISO9001:2008 All 09 Sep 03
1.6 CSR; GC All 10 Apr 09
DISTRIBUTION LIST
** Original Approval **
TABLE OF CONTENTS
FORWARD DESCRIPTION Page
I Cover Page 1
II Company Quality Policy 2
III Company Environmental Policy 3
IV Company Information Security Policy 4
V Company Corporate Social Responsibility Policy 5
VI Revision History 6
VII Table of Contents 7
7. Product Realization 30
7.1. Planning of product realization 30
7.2.. Customer-related processes 31
7.3. Design and Development 32
7.4. Purchasing 32
7.5. Production and Service Provision 33
7.6. Control of Monitoring and Measuring Devices 35
8. Measurement, Analysis and Improvement 35
8.1. General 35
8.2. Monitoring and measurement 36
8.3. Control of Nonconforming Product 38
8.4. Analysis of Data 38
8.5. Improvement 39
1. INTRODUCTION
At Santa Fe, we strive to be the best in our field. In fact, the pursuit of excellence
is at the very heart of our corporate culture.
This manual is to help our staff to do the best job they can: for the good of the
company and for the betterment of their careers. These two goals are inextricably
linked. A company can only do well if its people do well; and you will only be
successful if the company you work for is successful.
The guidelines of this manual are the result of years of experience from leading
people’s pursuit for quality in service or product. This will lead to a better and
more satisfying career for our staff in a successful working environment, and a
more productive future for our Company.
At Santa Fe there are three aspects of our Company that will make us stand out
from the rest and help us rise above the usual.
These are described by three words that, together, form our motto:
“Quality - Efficiency - People”
The link between these three words is our basic standpoint in business. No part
of our activities is carried out without them, and every project of every business
unit must have what these words represent.
1.3.1. QUALITY
1.3.2 EFFICIENCY
Efficiency is something everyone should strive for, because apart from making a
company more profitable and our lives easier, it impresses our customers and our
business partners.
To gain maximum efficiency, we must make our assets work for us to their
maximum productivity and minimum waste.
1.3.3 PEOPLE
People are our most valuable asset. A company is judged by its people and how
they present themselves and carry out their duties.
We understand that not all employees are the same. Each has his/her own way of
thinking and is motivated in different ways. Talents vary from the creative to the
technical. And of course, everyone has his or her own unique personality.
So we don’t except every member of staff to operate and react in exactly the same
way.
Once these basic principles are taken, our people will find a high degree of
freedom at Santa Fe. Their talents will be recognized and their performance
rewarded.
We value our people very highly at Santa Fe. We endeavor to provide a working
environment and the right incentives for people to become the best they can.
Under the Santa Fe brand, EAC Moving & Relocation Services provide office,
local, domestic and international household goods moving services and a wide
range of relocation services. Records management services are provided in
Beijing, Guangzhou, Hong Kong, Jakarta, Macau, Malaysia, Manila, Singapore
and Shanghai.
Based in Asia, EAC Moving & Relocation Services continuously expanded its
operations throughout the region over the past 27 years. Currently, the business
covers operations in China, Hong Kong, India, Indonesia, Japan, Macau,
Malaysia, Manila, Singapore, South Korea, Taiwan, Thailand and Vietnam.
Services are provided to customers moving from or to other areas of the world
through relocation partners within the OMNI, FIDI and ERC networks. EAC
Moving & Relocation Services handles in excess of 26,000 relocations around
the world annually.
A key value driver for EAC Moving & Relocation Services is its high-margin
value-added relocation services, offering corporations a full range of services,
including immigration/visa, home/school search, language/cultural training,
tenancy management, financial management services and moving services. The
records management business holds an attractive growth and earnings potential as
the commercial centres across Asia continue to grow.
Our business commitment, however, remain simple: meet our customers’ needs
with a high service level, at the right price and in the time specified.
2. PURPOSE
The manual also describes the management system that is applied and maintained
to provide the Company’s customers with consistent quality service. This manual
maybe made available to customers seeking evidence about our ability to meet
their quality requirements.
3. SCOPE
The HHG in SFHK consists of the Traffic, Customer Service, Sales & Marketing
House Doctor service, Relocation service, Corporate service and Administration
Departments. The OPS is completely involved in the scope of the Management
System, except FCO businesses. The RM in the scope of the Management
System includes Sales, customer service and Operations Services. For the
organization structure of the Finance/Accounts Division only the Accounts
Payable, Accounts Receivable for HHG & RM are consisted in the scope of the
Management System.
Local offices may operationally vary from each other, the details is defined in
local quality manual.
CORPORATE
MANUAL
COMPANY PROCEDURES/
ISMS CP
WORK INSTRUCTIONS /
ENVIRONMENTAL PROCEDURES
4.2.1. GENERAL
Santa Fe shall document, implement, and maintain procedures that comply with
ISO9001, ISO14001, ISO27001, FAIM & UNGC standards and the stated
Company Quality Policy, Company Environmental Policy, Company Information
Security Policy and Company Corporate Social Responsibility Policy in this
manual.
1
4.2.2. QUALITY MANUAL
The aim of Santa Fe’s management shall be to have the MS fully assessed to
ISO9001 (Quality Management Systems), ISO14001 (Environmental
management systems), ISO27001 (Information Security Management System),
FAIM and along with UNGC requirements. The maintenance of the MS shall be
achieved through the Internal Quality, EMS, ISMS & FAIM Audits.
1
Local offices name the top-level document as Quality Manual. SFHK renamed its Quality
Manual to Corporate Manual in 2003, for linking up operations system among the SF Group.
In the absence of other contractual project specific control or quality plans, the
Corporate Manual shall constitute the Quality Plans, which together with all
mandatory procedures shall meet the requirements of ISO9001, ISO14001,
ISO27001 and FAIM.
In short, the business flows for HHG & RM theoretically start from customer
enquiry, service process to job completion. Due to complexity on type of
business, the sequence and interaction between the processes of the QMS has
been described as the flowcharts, and stated on Company Procedure – Process
Control.
Mgt
responsibility
Customers
Customers
Requirements Measurement,
Resource Satisfaction
analysis &
mgt improvement
Key
Value-adding activities
Information flow
The M.R. shall have a master list of all company procedures. They shall be
controlled by fulfilling the requirements of ISO9001, ISO14001, ISO27001,
FAIM & UNGC.
The M.R. shall review regularly the Corporate Manual to ensure suitability and
effectiveness in satisfying the Quality System and requirements of ISO9001,
ISO14001, ISO27001, FAIM and UNGC. This review shall be documented and
maintained. The result of this review shall include the updating or re-approval of
Company’s Quality/Environmental/ Information Security Objectives for the next
scheduled review.
Each Department Head shall be responsible for updating its own department’s
procedures, specifications, drawing, document distribution lists, and master lists.
All controlled documents should be clearly stated its status. Pertinent issues shall
be located in the relevant working area.
All documents and information shall be classified based on the criticality and
sensitivity of the nature. Labeling and handling requirements shall be followed
according to different classification
The above records shall be retained for a minimum period of one year or longer if
required or regulatory requirements except for training record will be kept in the
office as long as the employee exist and specific project customer’s contract kept
in the office as long as the contract valid. Availability of these records to the
customer shall be provided.
Records shall be easily accessible and stored in a suitable and secure location to
prevent damage, loss, and deterioration. Records originating from each
department shall be legible, kept above other records in a manner that any
information can be easily retrieved, and maintained by the appropriate department
heads. When documents exceed their required retention period, they can be
disposed as per the department head’s instruction.
5. MANAGEMENT RESPONSIBILITY
The tender, contract, or order shall be reviewed to ensure that the customer
requirements are adequately defined and documented in terms of:
1) Scope of work.
2) Special requirements (if applicable).
3) Regulatory requirements.
4) Quality requirements.
5) Security requirements (if applicable)
6) Delivery dates.
7) Price for the service.
order of precedence shall be the Contract, the Corporate Manual and the
Procedures in the event of conflicting requirements. (related with 7.2.1, 7.2.2 and
8.2.1)
The organization shall comply with all legal and other requirements
that apply to its activities and operations.
The policies shall be introduced to all staff upon appointment as part of the
introduction process for new employees. Existing staff shall be advised of the
Ref. No. - QM000004 Page: 23 of 68
Iss. Rev. – 1.6 Date: 01 Sept 10
SANTA FE CORPORATE MANUAL
5.4. PLANNING
an Organization Chart and Job Description for all major functions within the
Company.
All employees shall receive the most recent copy of their own Job Description.
Personnel shall maintain all Job Descriptions for all HK Santa Fe employees, as
well as the Group organization chart in the SF Group. Local offices shall keep
and maintain the local organization chart and Job Descriptions properly; update
monthly SFHK Personnel team the local organization chart.
The M.R. shall be given the necessary authority and responsibility to ensure the
operation’s effectiveness in performing its QMS, EMS, ISMS, FAIM and UNGC
meeting the requirements of ISO9001, ISO14001, ISO27001, FAIM & UNGC
requirements. M.R. shall prepare and implement the internal audit program,
initiate corrective actions, and provide QMS/EMS/ISMS data for management
review.
Each local Management has assigned M.R. for the local office, with given
necessary authority and responsibility to ensure the operation’s effectiveness.
Environmental Committee
MD
Management
Representative
The CEO has created a position known as Information Security Manager (ISM)
to maintain the Information Security Management System. The ISM shall
establish, implement and maintain the Information Security Management System.
The performance of the system shall be reported to management for information
security improvement review.
The ISM shall be given the necessary authority and responsibility to ensure the
operation’s effectiveness in performing ISO27001 requirements.
Deputy ISM shall prepare and implement the internal audit program, initiate
corrective actions, and provide QMS/EMS/ISMS data for management review.
Each local Management has assigned ISM for the local office, with given
necessary authority and responsibility to ensure the operation’s effectiveness.
5.5.5. COMMUNICATION
5.6.1. GENERAL
The MD along with the M.R. and other selected functional heads shall review
regularly the Corporate Manual to ensure suitability and effectiveness in
satisfying the Quality System and requirements of ISO9001, ISO14001,
ISO27001 and FAIM. This review shall be documented and maintained.
6. RESOURCE MANAGEMENT
6.2.1. GENERAL
The Company believes that the greater contribution in quality performance by its
employees and the Company Quality Policy, Company Environmental Policy,
Company Information Security Policy and Company Corporate Social
Responsibility Policy may only be achieved through a properly trained and
skilled work force monitored by individual divisions/departments.
To ensure that staff training and development is effective through out the
Company, the Department Managers shall review the training procedures. The
training needs of each individual shall be identified and these needs shall be met
through the provision of the appropriate training.
Extending and advancing the skills of the employees with the purpose of
improving their work satisfaction and getting a flexible work force shall enable
the Company to undertake a wider range of service and management task. The
Department Manager shall provide additional “on-the-job” training, if who deem
necessary. The progress shall be documented from an on-going monitoring and
supervision process.
The records of special training shall be retained in the training file relating to the
individual concerned. Records shall be maintained for all training and
development activities.
6.3. INFRASTRUCTURE
Santa Fe offers a full range of packing and worldwide moving services. The
Company policy shall ensure that Santa Fe carefully plans out the operation’s
moving sequence and exercise control over all aspects of the removal.
To ensure specific requirements are met when processes cannot be verified until
the customer use, qualified and trained operators shall carry the processes out
with continuous monitoring.
The M.R. shall work in conjunction with other managers that are responsible for
maintaining effective operation control.
The management realizes that suitable work environment has a positive influence
on motivation, performance of people in order to enhance the performance of the
organization. Regularly checking for maintenance of safe and suitable working
condition, supporting equipment and other facility are needed.
Santa Fe shall review and revise, where necessary, emergency preparedness and
response procedures, in particular, after the occurrence of accidents or emergency
situations whereas business continuity plan after the breakdown of business
processes. Periodically test such procedures where practicable.
Santa Fe shall review at regular the occupational health & safety procedure.
Where necessary the occupational health & safety procedure shall be amended to
address changes to the activities, service or operating conditions.
7. PRODUCT REALIZATION
The review shall verify the availability of internal capabilities (finance, process,
quality assurance, security requirements, resource availability) and resolvability
of conflicting requirements.
7.4. PURCHASING
The quality of services, materials and parts purchased by Santa Fe from the sub-
contractors in turn affects customer satisfaction. Hence, control of sub-
contractors is essential.
The receiving packing material from supplier should be inspected for the quality
and the quantity to make sure the purchased product meets specified purchase
requirements.
Ref. No. - QM000004 Page: 32 of 68
Iss. Rev. – 1.6 Date: 01 Sept 10
SANTA FE CORPORATE MANUAL
Santa Fe offers a full range of packing and worldwide moving services. The
Company policy shall ensure that Santa Fe carefully plans out the operation’s
moving sequence and exercise control over all aspects of the removal.
Servicing of the customer once they have received their goods at the required
destination without any claims does not apply in our operation.
We shall provide claims assistance but this procedure follows under Insurance.
During all stages of the operation, delivery, and installation, the products shall be
identifiable by the job number. Identification of individual products shall be
maintained in documented procedures.
Records in Traffic Department shall show evidences of control, and the source of
supplied items and services. Identification and traceability procedures shall be
effective for investigating any problems so appropriate corrective actions can be
taken.
The handling procedures shall state clearly who has the responsibility for the
inspection of the effects upon delivery to the customer and for the monitoring of
the service provided.
Any instances of lost, damaged, stolen goods, or other quality related problems
shall be noted on the relevant document and handled accordingly. The customer
shall be notified and the incident shall be reviewed.
Ref. No. - QM000004 Page: 34 of 68
Iss. Rev. – 1.6 Date: 01 Sept 10
SANTA FE CORPORATE MANUAL
All material used in operations shall be handled and stored in such a manner as to
prevent damage or deterioration. All personnel shall be provided the required
training in methods of handling customer’s effects. These techniques shall be
documented in procedures that are accessible by appropriate personnel.
The storage of items shall be controlled to ensure that customer’s effects are
identified clearly and secured whilst in the Company’s possession. This control
shall include the appropriate labeling of stored crates, and if possible, individual
cartons shall be checked by a supervisor at the point of receiving and releasing.
8.1. GENERAL
Santa Fe shall carry out comprehensive quality check at all key stages in the
operation to verify the fulfillment of documented procedures.
The M.R. shall be responsible to verify whether quality and information security
activities comply with the planned arrangements and to determine the
effectiveness of the QMS/EMS/ISMS/FAIM/UNGC. He shall prepare an internal
quality audit schedule at the beginning of each year.
Internal audit program shall be conducted once a year in all areas to assure
compliance. The schedule shall be based on the importance and priority of the
area being audited. The internal quality auditor shall be responsible for setting
up the auditing schedule.
Appointed auditors shall have no direct responsibility for the function being
audited and shall be given a comprehensive set of procedures relevant to the
department with copies of previous audits reports. Findings from previous audits
in particular areas may increase the frequency of audits for those problem
activities.
The Department Manager shall monitor the implementation of the corrective &
preventive action taken by related parties and shall re-audit the activities
according to the agreed schedule. The details of this action shall be recorded.
The M.R. shall receive the original copies of the Internal Audit Reports for
review and for storage. Periodic review shall be required by the Management
Team.
Ref. No. - QM000004 Page: 36 of 68
Iss. Rev. – 1.6 Date: 01 Sept 10
SANTA FE CORPORATE MANUAL
Inspection of certain item’s inner space, vehicle and equipment, which have been
specified to maintenance, repair, or calibration, shall be required. Monitoring of
service shall be observed by authorized personnel.
The extent and nature of inspection shall be based on objective evidence at the
customer’s premises and shall be recorded for conformance, damage and
quantities on the packing list and/or job report and/or loading chart (item
checklist) and other related document.
Local offices carry out ISO activities as usual, to submit key information to HK
office every 6 months. These key information are internal and external quality
audit plan and audit results; management review meeting details; quality and
environmental objectives; customer feedback.
Despite the Company efforts in planning and controlling the operation, non-
conformance may occur. Certain non-conformance may in fact result from
supplier’s or customer’s actions.
The authority for review and disposition of non-conforming product shall either
be reworked to meet specified requirements, accepted with or without repair,
rejected or scrapped.
Whenever possible, the customer should be informed of the details of any non-
conformance during packing / loading / unloading / delivery. Physical records of
non-conformance and the actions taken shall be analyzed to assure whether
further corrective action is needed.
8.5. IMPROVEMENT
The MD along with the M.R. and other selected functional heads shall be
responsible for reviewing the overall effectiveness of the Management System
and its documentation. This group known as the Management Team shall
determine if the overall company quality objectives/ environmental / information
security objectives are being achieved.
The issue of Corrective Action Report (CAR) may come from the following by
not restricted to them:
If the Department Head feels the matter needs farther investigation, the M.R.
shall be informed. The M.R. shall investigate and determine whether Corrective
Action is necessary and initiate a new CAR.
The system for preventive action shall detect and eliminate potential causes of
non-conformity or deficiency. Initiation and implementation of preventive
actions shall follow controls documented for effectiveness. Relevant information
on actions taken shall be submitted for management review. The system for
preventive action shall detect and eliminate potential causes of non-conformity or
deficiency, by:
ISMS Policy
1. SECURITY POLICY
1.1 SANTA FE’s management shall establish information security policy for
the “Protection of customer data and property for relocation services and
record management services”.
1.2 The ISMS policies shall align with the Company’s policy and business
requirements; comply with the legislative requirements; and make
reference with the international standards and industry best practices.
1.3 Principles of Information Security: Integrity, Availability, Confidentiality
and Authentication shall be observed and built into the information
security management system, related policies, procedures and
instructions.
1.4 All policies shall be reviewed and approved by MD. The approved
polices have to be released, published and communication to all related
stakeholders.
1.5 In order to ensure the suitability, adequacy and effectiveness of the
policies, all policies and procedures shall be reviewed by Information
Security Steering Committee at least annually or subject to major
changes in business requirements, legislative requirements,
infrastructure, application, organizational structure and key staff.
3. ASSET MANAGEMENT
3.4 This shall include the labeling and handling methods for processing,
storage protection, and transmission internally and externally and
disposal.
3.5 All printed hardcopy, manual and softcopy and data shall apply to the
same principle. Record of disposal of information shall be maintained.
4.2 TRAINING
4.3 TERMINATION
5.2.1 Equipment shall be sited and protected to reduce the risks from
environmental hazards, threats and opportunities for
unauthorized access.
5.2.2. Unless, the risk is accepted and agreed by management, all
equipment shall be protected from power failures and
disruptions either through UPS, electricity generators or other
suitable means. Power and telecommunication cable shall be
protected from interception or damage through conduits, raised
floor or other suitable protective means.
5.2.3 Equipment shall be installed and used as per the manufacturer
instruction and local legislative requirements. Preventive
maintenance of equipment shall be conducted either by SANTA
FE or approved contractors. Record for preventive maintenance
shall be maintained. If some equipment according to the
business nature is required to conduct regular alignment and
calibration, calibration methods shall be traceable to the
manufacturer instructions, national and international standards.
Calibration record shall be maintained.
5.2.4 Equipment located outside SANTA FE’s premises shall be
protected and approved prior to execution. Security control
methods should be the same as located in SANTA FE unless
management approves the security control methodology.
5.2.5 Equipment, information and software shall not be taken off-site
unless this is approved and authorized by the management.
Move-in and move-out records shall be maintained, traceable
and auditable.
5.2.6 All items of equipment containing storage media shall be
checked to ensure sensitive information and licensed software
has been removed or securely rewritten / reformatted prior to
disposal. This shall be done by SANTA FE or via approved
contactors. Disposal shall be approved by management prior to
execution. Disposal records shall be maintained.
6.1 DOCUMENTATION
6.3 SEGREGATION
6.7 BACKUP
6.10 MONITORING
7. ACCESS CONTROL
7.1.1 Access control policy for user, network (fixed & wireless),
operating system, application and information system, mobile
computing and teleworking, administrator, root, third party
contractor and customers shall be established, documented and
reviewed at least twice a year, based on the business and
security requirements.
7.1.2 Formal user registration and de-registration procedure shall be
defined and documented for granting and revoking access to all
information systems and services. Users shall have unique
identity.
7.1.3 User access shall only be granted, based on “Need-to-Know”
basis, which shall be approved by authorized personnel.
7.1.4 Privilege account shall be restricted, controlled and approved by
authorized personnel. Acceptance use policy shall be
communicated and agreed before use. Privilege account shall
have a unique password and shall be reviewed at least twice a
year.
Ref. No. - QM000004 Page: 59 of 68
Iss. Rev. – 1.6 Date: 01 Sept 10
SANTA FE CORPORATE MANUAL
11. COMPLIANCE
Cookies
A cookie is a piece of data stored on the user’s hard drive containing
information about the user. Usage of a cookie is in no way linked to any
personally identifiable information while on our site. We use cookies to keep
track of session ID numbers when a user logs into their account. This allows
the system to simultaneously keep track of multiple login sessions. Once the
user logs out and closes their browser, the cookie expires. If a user rejects the
cookie, they may still use all areas of our site with the exception of account
login.
Where you decide not to supply requested information to Santa Fe, we will
make reasonable attempt to complete the services requested where possible,
and where authorized by your company, however please be aware that the
impact could be as below:
For any information supplied that is used for immigration or household goods
moving, the intentional supply of false information may lead to criminal
prosecution of the individual and/or their company by the related government
authorities.
Your employer may require our staff to copy them on any replies to you. If
you do not wish for this to happen on any particular email, you are requested
to state this in the subject line of that email.
To protect your privacy and security, we will also take reasonable steps to
verify your identity before granting access or making corrections.
Third-Party Sites
To better serve you, we often provide links to other web sites that may be of
interest to you. We have no control over and are not responsible for the
content or the operators of such sites. Therefore, this privacy policy will not
apply to information you may provide on such sites. You should contact the
operators of any web site if you are concerned about the privacy of the
information that may be collected when you use the site.