6-page generic policy on information security incident management.
Information security incidents must be reported, managed and resolved in a professional and efficient manner. Important lessons must be drawn out and learnt in order to reduce the possibility of the same or similar incidents occurring repeatedly. This policy lays out key aspects of incident management and the corresponding responsibilities.
A specific $ value in the poilicy determines whether an incident qualifies as 'significant' and therefore should be treated differently from lesser incidents: management should determine and specify the appropriate quantity.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.