Guest user Created: Jan 08, 2019 Last commented: Jan 08, 2019

Incident response plan

I’m sorry I have an additional question about the emergency management plan. Do we need to have a plan like that in case of a significant incident or would it be enough if we would have a list of people and a clear structure how to handle the incident? I’m guessing chapter A.16 of the ISO Standard is the reason for a plan like that?! Is that right?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jan 08, 2019

Answer:

I'm assuming you are referring to the Incident Response Plan mentioned on section 3.4 of the Incident Management Procedure template. Considering that, first is important to note that an Incident Response Plan is needed only if you have an incident where activities are disrupted for a time above which is considered acceptable by business. If you have no situations like that, you do not have to develop an Incident Response Plan.

In case an Incident Response Plan is needed, it must include actions to:
- contain or stop the incident, in case it is still occurring
- minimize the im pacts of the incident
- recover minimal service levels
- recover normal operational conditions

And of course for each activity you have to define who will perform them.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 08, 2019

Expert Advice Community