I am re-using in ISMS a QMS procedure for nonconformities management. May I merge incident management with nonconformities management in the same procedure?
Answer:
From my point of view it is not recommended, because they are different things from an information security point of view. Anyway, in ISO 27001 it is not mandatory to have a documented procedure for nonconformities management (it is only mandatory to have records of the results of corrective actions). So, it will be better if you maintain your incident management as an independent documented procedure, although you can use your QMS procedure for nonconformities management, but remember, in ISO 27001 it is not mandatory to have a documented procedure for this.
To know the list of mandatory documents and records of ISO 27001:2013, this article may be interesting for you: "List of mandatory documents required by ISO 27001 (2013 revision)": https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
Finally, this article may also be interesting for you: "How to handle incidents according to ISO 27001 A.16": https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
Jan 13, 2016