When an incident is reported and entered into the logging system, an email is generated and sent to the Information Security Manager and also copied to the Directors.
All parties dealing with security incidents shall undertake to:
analyze and establish the cause of the incident and take any necessary steps to prevent recurrence
report to all affected parties and maintain communication and confidentiality throughout the investigation of the incident
identify problems caused as a result of the incident and prevent or reduce further impact
contact third parties to resolve errors/faults in software, and liaise with the relevant personnel to ensure contractual agreements and legal requirements are maintained and to minimize potential disruption to other Company systems and services
ensure all system logs and records are securely maintained and available to authorized personnel when required
ensure only authorized personnel have access to systems and data
ensure all documentation and notes are accurately maintained and recorded and made available to relevant authorized personnel
ensure all authorized corrective and preventative measures are implemented and monitored for effectiveness
All logged incidents shall have all the details of the incident recorded, including any action/resolution and any links or connections to other known incidents. Incidents which were initially resolved but have recurred will be reopened, or a new incident referencing the previous one will be created.
The Information Security Manager is initially responsible for handling security incidents and will decide whether an incident needs to be handed over to and dealt with by Company Directors where appropriate.