Collection of evidence
Can you please explain the implementation of the Point mentioned in the Doc A.16_Incident_Management_Procedure_27001_EN.
Assign topic to the user
I'm assuming you are referring to the term "Point of Contact" mentioned in section 3.1 "Receipt and classification of incidents, weaknesses, and events".
Considering that, the term "Point of Contact" refers to the person or role to which all communication related to an issue must be directed to, and for its implementation, you only need to define a person or role in your organization to perform it.
For example, for the information and communication technology-related events you can define the IT manager as the Point of Contact, and for other events, you can define the Operational manager.
These articles will provide you a further explanation about the incident management:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
Comment as guest or Sign in
Jul 24, 2020