Guest
IS Incident Management Procedures
Hi Dejan,
I am actually drafting some ISO 27001 mandatory procedures,
Regarding the Information Security Incident Management Procedures, I have noticed that there is 3 procedures :
- Reporting IS weaknessess & Events
- Responding to IS Reports
- Collection of evidences
Can I decscribe all this procedures in one general procedure "Information Security Incident Management Procedure" or I should build each procedure separatelty, what is the most convenient?
Thanks in advance
Assign topic to the user
Kaoutar,
Yes, you can place all these procedures in one single document - this is the most convenient. This is exactly how our Incident Management Procedure is structured: https://advisera.com/27001academy/documentation/incident-management-procedure/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016