~3-page information security policy template on reporting incidents.
Information security incidents (including events, incidents, compliance breaches, disasters, vulnerabilities, threats) and near-misses, particularly those directly affecting the organization’s information, should normally be reported to Help Desk who will initiate and coordinate the response, liaising with relevant experts and escalating to senior management if appropriate. Where fraud or serious malpractice is suspected or alleged, this may be reported to management or in confidence to Internal Audit.
Workers must not report, disclose or discuss information security matters, including incidents, breaches and near-misses, outside the organization unless duly authorized to do so by senior management, or are legally obliged to do so.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.