A.16.1.7 Collection of evidence

Guest user Created:   Mar 29, 2016 Last commented:   Mar 29, 2016


I would like to know if there is some document or tool that helps me to implement the requirement A.16.1.7 of Annex A of ISO/IEC 27001.

Antonio Jose Segovia Mar 29, 2016

Answer:
This control is related to the information that is gathered and managed to treat information security incidents, which can be used, for example, as evidence in a forensic analysis. So, basically you need to keep all information related to the information security incidents in a secure way, taking into account: chain of custody, safety of evidence, safety of personnel, roles and responsibilities of personnel involved, competency of personnel, etc.

These points can be established in an incident management procedure, which is a mandatory document in the implementation of ISO 27001:2013, so our template “Incident Management Procedure” can be useful for you (you can see a free version by clicking on the “Free demo” tab): https://advisera.com/27001academy/documentation/incident-management-procedure/

This article can help you because it has a list of mandatory documents about ISO 27001:2013, “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

And this article about how to handle incidents can also be interesting for you, “How to handle incidents according to ISO 27001 A.16”: https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

Finally, our online course can also be interesting for you because we give more information about the management of information security incidents, “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
