Core 12 ISMS
Core 12's Information Security Management System is maintained here as the current policy and procedure source of truth. Operational records, evidence, review tasks, and register items are managed in C12Dev/core12-isms-management.
Current Source Basis
The initial restructure uses the latest located legacy policy source:
| Source | Version / metadata | Use in this ISMS |
|---|---|---|
Core 12 Security Policy - v1.8.docx | revision 329, modified 2026-01-26 | Primary policy basis |
Core 12 Employee Agreement.docx | modified 2025-04-18 | Ported in full under Agreements |
| Companion Security Policy v1.8 documents | BCP, password, clean desk, development, unmanaged devices, retention, risk, contacts, schedule | Split into maintained policy, standard, procedure, and review documents |
How to Use This ISMS
- Use this portal for approved or in-review policy, procedure, standard, agreement, and operating-model documents.
- Use
core12-isms-managementfor living records: risks, assets, personnel, vendors, IT services, incidents, review evidence, and migration tasks. - Every document has an owner, status, version, and review due date in frontmatter so reviews can be tracked and automated.
Immediate Review Priorities
- Confirm owner names and role titles for governance documents.
- Confirm the ISMS scope, especially client digital projects, cloud services, managed devices, and vendor services.
- Seed
core12-isms-managementwith the initial registers listed in the migration plan. - Turn the review schedule into recurring GitHub issues and monthly summaries.