Expert Advice Community

Guest

Updating the Incident Management Procedure

  Quote
Guest
Guest user Created:   Dec 21, 2020 Last commented:   Dec 21, 2020

Updating the Incident Management Procedure

I am going to update the INCIDENT MANAGEMENT PROCEDURE according to our own company. I have some questions.

It would be great if you could share some examples for different categories like security weakness or event and incidents. This way we can get a better understanding of each type.

Should we include our maintenance window to this document to exclude from our SLA? I mean we use this document as a reference for SLA.

Do you recommend any tool for handling incidents proper for small business?

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Dec 21, 2020

It would be great if you could share some examples for different categories like security weakness or event and incidents. This way we can get a better understanding of each type.

Weakness is a characteristic of an asset which enables a potential threat to create an incident - for example, this could be a software that is not patched. For other explanations see this article: ISO 27001 information security event vs. incident vs. non-compliance https://advisera.com/27001academy/blog/2018/12/03/iso-27001-information-security-event-vs-incident-vs-non-compliance/ 

Should we include our maintenance window to this document to exclude from our SLA? I mean we use this document as a reference for SLA.

I assume you refer to Incident Management Procedure - this procedure needs to be aligned with your existing SLAs, meaning you have to plan to react to incidents in a way to comply with the requirements from your clients. 

Here's some more information: How to handle incidents according to ISO 27001 A.16 http://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/ 

Do you recommend any tool for handling incidents proper for small business?

In couple of months time we will launch a new SaaS tool that will help smaller companies handle incidents compliant with ISO 27001 - we'll let you know once we complete it. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 21, 2020

Dec 21, 2020