Information Security Incident Management Procedure

1. Purpose

To ensure that information security incidents are reported, handled, and improved in a timely manner.

2. Scope

This procedure applies to all events that affect the company’s information assets.

3. Procedure

• Report – The person who discovers an incident must notify the ISMS (Information Security Management System) owner immediately.
• Assess – Make an initial assessment of the impact of the incident.
• Contain – Take necessary measures to reduce impact.
• Improve – After closure, perform root cause analysis and implement improvements.

4. Example Incidents

• Unauthorized access
• Suspected data breach
• System anomaly or outage

5. Records

• Incident log – Maintain an incident log (including simulated or drill events where applicable).