Incident management procedure
Assign topic to the user
Record: Rules for the identification, collection and preservation of evidence
My question: What is the storage duration? The template doesn’t say anything about it.
Answer:
Retention time for evidences will depend mostly on laws and regulations your organization has to comply with, so you must consult those identified on the list of legal requirements to have a precise definition for this retention time, but a good start is to retain evidences for at leas three years (the period of a ISO 27001 certification)
This article will provide you further explanation about record management:
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Comment as guest or Sign in
Jul 09, 2019