Master Document Register

Created by Venkat Pothamsetty, Modified on Fri, 22 Aug at 8:09 PM by Venkat Pothamsetty

Master Document Register (MDR)

SquareX Holdings, Inc.
Information Security Management System
ISO/IEC 27001:2022 Clause 7.5 Compliance

Document Control Information

Register Version: 1.0
Last Updated: 2025-08-22
Next Review: 2025-11-01
Document Controller: ISMS Lead
Approved By: Jeswin Mathai, CISO
Classification: Internal Use
Review Frequency: Quarterly
Total Documents: 15 Active

Complete Document Inventory

Document ID	Document Name	Document Type	Version	Revision Date	Owner	Status	Classification	Storage Location	Next Review	ISO Clause
D001	ISMS Manual	Manual	1.0	2025-08-22	CISO	Active	Internal	Google Drive / Confluence	2025-11-01	4.3, 5.2
D002	Statement of Applicability (SoA)	Assessment	1.0	2025-08-22	CISO	Active	Internal	Google Drive / Risk Mgmt Repo	2025-11-01	6.1.3(d)
D003	Risk Assessment & Treatment (RART)	Assessment	1.0	2025-08-22	CISO	Active	Internal	Google Drive / Risk Mgmt Repo	2025-11-01	6.1.2, 6.1.3
D004	Master Document Register (MDR)	Register	1.0	2025-08-22	ISMS Lead	Active	Internal	Google Drive / Doc Control	2025-11-01	7.5
D005	Information Asset Register (IAR)	Register	1.0	2025-08-22	ISMS Lead	Active	Internal	Google Drive / Assets Repo	2025-11-01	A.8.1.1
D006	Management Review Meeting (MRM) Records	Records	1.0	2025-08-15	CISO	Active	Internal	Google Drive / MRM Repo	2026-02-01	9.3
D007	Access Control Policy	Policy	2.1	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-01-04	A.9.1.1
D008	Information Security Policy	Policy	1.0	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-07-04	5.2, A.5.1.1
D009	Security Training Records	Records	1.0	2025-07-04	ISMS Lead	Active	Internal	Google Drive / Training Repo	2025-12-01	7.2, 7.3
D010	Incident Management Policy	Policy	1.0	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-07-04	A.5.25, A.16.1
D011	Vendor Management Policy	Policy	1.0	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-07-04	A.5.22, A.5.23
D012	Business Continuity & Disaster Recovery Policy	Policy	1.0	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-07-04	A.17.1
D013	Data Classification & Retention Policies	Policy	1.0	2025-07-04	CISO	Active	Internal	Google Drive / Policies	2026-07-04	A.8.2, A.5.12
D014	Encryption & Media Disposal Policies	Policy	1.0	2025-07-04	IT Manager	Active	Internal	Google Drive / Policies	2026-07-04	A.10.1, A.8.3
D015	HR Security Policy & Procedures	Policy	1.0	2025-07-04	HR Lead	Active	Internal	Google Drive / HR Repo	2026-07-04	A.6.1, A.7.1

? Document Categories & Organization

Core ISMS Documents

ISMS Manual (D001)
SoA (D002)
RART (D003)
IAR (D005)

Policy Documents

Information Security Policy (D008)
Access Control Policy (D007)
Vendor Management Policy (D011)
Incident Management Policy (D010)
BC/DR Policy (D012)
Data Classification & Retention (D013)
Encryption & Media Disposal (D014)
HR Security Policy (D015)

Control Documents

Master Document Register (D004)

Records & Evidence

Management Review Meeting Records (D006)
Security Training Records (D009)

? Storage Governance & Access Control

Primary Storage: Google Drive (controlled folders per category)
Secondary Storage: Confluence / Freshdesk knowledge base
Access Control:
- MFA for access
- RBAC aligned with ISMS roles
- Logging and audit trails for changes
- Version control enabled

Addendum: Documentation Governance

Retention Periods:
- ISMS Core Docs (Manual, SoA, RART, IAR): 5 years
- Policies: 3 years
- Records: 3 years
- Superseded documents archived for 1 year
Classification Schema:
- Public → safe for release
- Internal → all staff
- Confidential → leadership, auditors
- Restricted → CISO / designated roles
Document Status:
- Draft → under development
- Published → approved and active
- Archived → superseded, retained for history