A.16.1.7 Collection of evidence

Answer:
This control is related to the information that is gathered and managed to treat with information security incidents, which can be used for example as evidence in a forensic analysis. So, basically you need to keep all information related to the information security incidents in a secure way, taking into account: chain of custody, safety of evidence, safety of personnel, roles and responsibilities of personnel involved, competency of personnel, etc.

These points can be established in an incident management procedure, which is a mandatory document in the implementation of ISO 27001:2013, so our template can be useful for you “Incident Management Procedure” (you can see a free version clicking on “Free demo” tab) : https://advisera.com/27001academy/documentation/incident-management-procedure/

This article can help you because has a list of mandatory documents about ISO 27001:2013 “List of mandator y documents required by ISO 27001 (2013 revision)” : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

And this article about how to handle incidents can be also interesting for you “How to handle incidents according to ISO 27001 A.16” : https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

Finally, our online course can be also interesting for you because we give more information about the management of information security incidents “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/