Guest user Created: Jan 03, 2019 Last commented: Jan 03, 2019

Incident management

In case of a significant incident the procedure of incident management talks about an emergency management plan. Our management said it would be hard to make one plan for a lot of different cases / assets etc. They said they would prefer having more than one plan for different things. They said the would like to look into the risk assessment and making an emergency management plan for assets with a high risk. Does that make sense?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 03, 2019

Answer:

The management understanding is correct. Having a single plan to cover multiple types of incidents or assets would be a big and unpractical document, then the best approach would be to have multiple small documents covering specific assets or incidents.

These articles will provide you further explanation about incident management:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Using I TIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
Em 02/01/2019 19:03, Vanda Pentic escreveu:

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 03, 2019

Expert Advice Community