Update Details: A new form for documenting information relating to information security incidents has been added.
F-Q109 Information Security Incident form has been added to assist with more detailed review and documentation of information security incidents.
The F-Q10 Significant Problem Incident Complaint Form can be used for documenting and reporting information security incidents but for more significant incidents where there are enhanced reporting and other requirements this form may be more suitable and can be added to the IMS folder in addition to F-Q10.
The form has 3 main sections;
1. Information Security Incident Summary
This section is used to capture information about the incident and what has happened.
- Details of who reported, date / time, location and type of incident
- Section to detail summary of the incident
- Overview of evidence collected
- Details of any personal data breach
2. Action Taken
This section is to document action taken in response to the incident in 3 sub-sections;
- Containment / Immediate Action
- Action to correct the issue
- Data breach reporting - if personal data breach an overview of planned and completed reporting can be detailed here
3. Final Review
This section of the form allows for a review of the issue;
- Details of who reviewed and when
- Review of the cause of the issue
- Review of effectiveness of action taken
- Review of whether action will prevent recurrence
- Details of when closed
- Incident severity rating - using list boxes with 1-5 likert scale for severity rating
- Notes
This form can be useful if wanting to have a formal process for documenting and reviewing incidents and can be used in conjunction with the ER1 issues register or any other issue tracker.
