SecAware materials

SecAware logo

~6-page information security policy template on incident management.


Information security incidents must be reported, managed and resolved professionally and efficiently.  Important lessons must be drawn out and learnt, prompting improvements to reduce the possibility and/or impacts of similar incidents occurring again.  This important policy lays out key aspects of incident management and the corresponding responsibilities.


Note: a specific $ value in the policy determines whether an incident qualifies as 'significant' and therefore should be treated differently from lesser incidents (e.g. they need to be escalated): management should determine and specify the appropriate threshold, or find another way to ensure greater attention is paid to more significant incidents.


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Incident management policy