Expert Advice Community

Guest

Incidents

  Quote
Guest
Guest user Created:   Aug 03, 2022 Last commented:   Aug 03, 2022

Incidents

Below are the reasons why numerous incidents need to be removed:

  1. We created just for testing.
  2. We recently changed our incident management procedure in a way that incidents which are already put-in are not really relevant.

Since currently incidents from the Incident Register cannot be removed, What are we supposed to be doing now with respect to external auditing? We are quite concerned that numerous incidents contradict the incident procedure and can be marked as non-conformity which will cause a failure. ( Client wants to remove incidents under the incident register in Conformio, but for now, we do not have the possibility to delete)

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Aug 03, 2022

Please note that the incident registers are records, and as such, they should not be deleted and should be evaluated in the context when they were created.

Considering that, for the first case, you need to document which incidents were created only for testing purposes and store this document as a management decision.

For the second case, you need to show to the auditor the incident procedure that was valid at the time the incidents were recorded. The auditor needs to evaluate the processes at that time considering that procedure, not the current one.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Aug 03, 2022

Aug 03, 2022

Suggested Topics