If we have a help desk system that we use to capture users issues to the Help Desk, if this considered as Incident Mangaement.
Can this supercede the need for an actual Incident Mangement Form?
Standard say this is mandatory, but wouldn't this duplicate what is being done in the help desk ticketing system?
Or does ISO27001 have a different definition to incident to incident in a help desk management system.
Please assist, thanks.
Assign topic to the user
First is important to note that ISO 27001 only requires incident management related documents and records if controls from section A.16 are stared as applicable in the Statement of Applicability.
Considering that, provided that your implemented solution (help desk system) fulfills the standard's requirements for incident management, you do not need to implement a specific incident management form.
These articles will provide you a further explanation about the incident management:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Using ITIL to implement ISO 27001 incident management https://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/t/
Comment as guest or Sign in
Jun 24, 2020