© 2019 IsecT Limited, New Zealand      Get in touch

3-page generic policy on reporting [information security] incidents.


Serious information security incidents (including events, incidents, disasters, vulnerabilities, threats and near-misses), particularly those directly affecting the organization’s information, must normally be reported to Help Desk who will initiate and coordinate the response.  Where fraud or serious malpractice is suspected or alleged, this may be reported in confidence to Internal Audit.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Incident reporting policy

  • Template policy on incident reporting


    Updated June 2018

    See also the whistleblowing and incident management policies

  • April 2019