SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

A.16.1.7 Collection of evidence

  Quote
Guest
Guest user Created:   Mar 29, 2016 Last commented:   Mar 29, 2016

A.16.1.7 Collection of evidence

I would like to know if there is some document or tool that help me to implement the requirement A.16.1.7 of Annex A of ISO/IEC 27001
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
Antonio Jose Segovia Mar 29, 2016

Answer:
This control is related to the information that is gathered and managed to treat with information security incidents, which can be used for example as evidence in a forensic analysis. So, basically you need to keep all information related to the information security incidents in a secure way, taking into account: chain of custody, safety of evidence, safety of personnel, roles and responsibilities of personnel involved, competency of personnel, etc.

These points can be established in an incident management procedure, which is a mandatory document in the implementation of ISO 27001:2013, so our template can be useful for you “Incident Management Procedure” (you can see a free version clicking on “Free demo” tab) : https://advisera.com/27001academy/documentation/incident-management-procedure/

This article can help you because has a list of mandatory documents about ISO 27001:2013 “List of mandator y documents required by ISO 27001 (2013 revision)” : https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

And this article about how to handle incidents can be also interesting for you “How to handle incidents according to ISO 27001 A.16” : https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

Finally, our online course can be also interesting for you because we give more information about the management of information security incidents “ISO 27001:2013 Foundations Course” : https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 29, 2016

Mar 29, 2016

Suggested Topics

Guest user Created:   Oct 04, 2016 ISO 27001 & 22301
Replies: 1
0 0

SoA and A.16 controls

Guest user Created:   Oct 18, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISMS evidence

Nika Created:   Feb 16, 2021 ISO 27001 & 22301
Replies: 1
0 0

Evidence of competence