3-page generic policy on reporting [information security] incidents.
Serious information security incidents (including events, incidents, disasters, vulnerabilities, threats and near-misses), particularly those directly affecting the organization’s information, must normally be reported to Help Desk who will initiate and coordinate the response. Where fraud or serious malpractice is suspected or alleged, this may be reported in confidence to Internal Audit.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Incident reporting policy
Template policy on incident reporting
Updated June 2018
See also the whistleblowing and incident management policies