Expert Advice Community

Guest

Incident Management Procedure

  Quote
Guest
Guest user Created:   Jan 05, 2021 Last commented:   Jan 05, 2021

Incident Management Procedure

In the Incident Management Procedure there is a section called “Managing records kept based on this document”. Unfortunately I could not find a good definition for it t determine how to handle it. It would be great if you could help me more resources about this part of policy

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 05, 2021

Records are specific types of documents used to evidence that activities were performed and/or results were achieved, and to be compliant with ISO 27001 standards you need to keep some records about incident handling, such as the incident log, for a period of time-related to some need defined by the organization, or by a legal requirement that must be fulfilled (e.g., a law, regulation or contract). Once the retention period is over you can dispose of the record, simply by deleting them, or through specific procedures to prevent them to be accessed once disposed of.

Additionally, once a record is created, it cannot be amended, so access to such records need to be controlled.

This article will provide you a further explanation about managing records:

These materials will also help you regarding records management:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 05, 2021

Jan 05, 2021