BANK ISLAM BRUNEI DARUSSALAM BHD

Policy Document

[Title of the policy]

[Document number (to be obtained from IT Governance team)]

[Version xx]

CONFIDENTIAL

Copyright © 2018 Bank Islam Brunei Darussalam.

All rights reserved.
 [Title of the process]

Document Control

Organization BIBD
Filename [Document number<space>document title]
Document Author [Name of Author]
Document Owner [Head of Department]
Release Date dd Month, yyyy
Next Review Date dd Month, yyyy

Revision History

Version Date Author Status Change Description

dd-mm-yyyy

Reviewed By

Role/Designation Name Signature Date

Approvals

This document must be signed off by CIO and Head of Department before considering the policy
effective. Maintenance and change approvals to be organized by IT Governance team.

Role/Designation Name Signature Date

Document Distribution

This document will be distributed to: [All staff of BIBD]

____________________________________________________________________________________________________________
[Document number]
[Version xx] [Document classification] P a g e |2
 [Title of the process]

Contents
1 Purpose.....................................................................................................................................................4
2 Objective...................................................................................................................................................4
3 Regulation and Standard...........................................................................................................................4
4 Audience...................................................................................................................................................4
5 Scope of Policy..........................................................................................................................................4
6 Risks..........................................................................................................................................................4
7 Policy Details.............................................................................................................................................4
8 Responsibility............................................................................................................................................4
9 Policy Governance....................................................................................................................................4
10 Policy Compliance.....................................................................................................................................5
11 Policy Review............................................................................................................................................5
12 References................................................................................................................................................5
13 Key Message.............................................................................................................................................5

____________________________________________________________________________________________________________
[Document number]
[Version xx] [Document classification] P a g e |3
 [Title of the process]

1 Purpose

[Define the purpose of this policy. Consider this of a Vision statement of the policy]

2 Objective

[List down the objectives of the policy (there can be multiple objectives to meet the purpose.
This is to be the mission statement of the policy]

3 Regulation and Standard

[List the applicable regulation or standard’s clause that the policy is built for.]

4 Audience

[Mention the audience for the policy

E.g. Applies to all BIBD staff including temporary, contractor, partner or vendor(s) who deals
with BIBD Information, irrespective of the information location or the type of device it reside on.]

5 Scope of Policy

[Mention the scope that this policy covers

E.g. This policy is applicable for all information and data related to BIBD]

6 Risks

[List down the risk that will be controlled by the policy

E.g. This policy aims to mitigate the following risks:

 Unauthorized access to sensitive information

 Disclosure of restricted and confidential information to 3rd parties and vendors
 Improper handling of sensitive BIBD information]

7 Policy Details

[List down the complete details of the policy. This can include tables, charts, etc. as required]

8 Responsibility

It is the responsibility of the information owner to ensure adherence to this policy. The
information or data owner shall be solely responsible for the appropriate classification &
labelling of the information, document and data.

9 Policy Governance

The following table identifies who within BIBD is Responsible, Accountable, Informed or
Consulted with regards to this policy. The following definitions apply:

____________________________________________________________________________________________________________
[Document number]
[Version xx] [Document classification] P a g e |4
 [Title of the process]

 Responsible – the person(s) responsible for developing and implementing the policy.
 Accountable – the person who has ultimate accountability and authority for the policy.
 Consulted – the person(s) or groups to be consulted prior to final policy implementation or
amendment.
 Informed – the person(s) or groups to be informed after policy implementation or
amendment.

Responsible [Head of Department]

Accountable Chief Information Officer (CIO)

Consulted Chief Information Officer (CIO)

Informed Chief Information Officer (CIO)

10 Policy Compliance

[Define the compliance statement for the policy

E.g. If any BIBD staff is found to have breached this policy, they may be subject to BIBD
disciplinary procedure, as per “Human Resources Policy Manual”. If a criminal offence is
considered to have been committed, further action may be taken to assist in the prosecution of
the offender(s).

When any deviation from this policy or related processes and procedures is required, the
requester has to seek for Risk Acceptance approval as per BIBD Enterprise Risk Management
Framework.]

11 Policy Review
[Define the review process for this policy.

All document has a maximum validity period of 3 years from the last revision date. Document
owner must assess and review their documents for continued applicability within this period.
Documents shall be revised immediately in case of major changes to the work environment in
terms of technology or process, if the change leads to any impact to the current process or
procedure.
E.g. This policy shall be reviewed at least once a year, from the approval date, as part of an
overall management review by BIBD IT governance team. The policy will also be reviewed in
response to significant changes in any associated policy of BIBD.

The performance of the policy shall be assessed with clearly defined parameters to measure
the level of success in meeting set goals and objectives.]

12 References

[List the directly or related policy, process or procedure documents

E.g. This Policy documents is directly relevant to following document

 Employee Handbook v23 - HRHCD effective November 2017(6.1.4.6 Confidentiality)]

____________________________________________________________________________________________________________
[Document number]
[Version xx] [Document classification] P a g e |5
 [Title of the process]

13 Key Message

[Any key message related to this policy shall be listed

E.g. If you are unsure of anything in this policy or how it may apply to you, seek advice from IT
Governance team.]

____________________________________________________________________________________________________________
[Document number]
[Version xx] [Document classification] P a g e |6