BIZOPS-19 Security Incident Tracking

What is this control about?

Once an incident/violation has been identified, there must be a process to track the incident to resolution. This can be done in a formal way using a ticketing system or informally tracked in a folder. There is no right or wrong, however the preferred method is tracking using a ticketing system such as JIRA.

For each incident there must be an incident report that contains the details of the incident, the date it occurred, who identified/reported it, its impact, resolution, and lessons learned.

Available tools in the marketplace

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• TrustCloud incident report template

Control implementation

Implement a formal and repeatable process to track and remediate any identified incidents. This can include the following steps:

• Create a folder or project in a ticketing system for tracking incidents only
• Document the incident report and include:
  • The details of the incident
  • The date it occurred
  • Who identified/reported it
  • Its impact
  • Resolution
  • Lessons learned
  • Reporting if applicable

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide screenshot of the folder of ticketing system used to track incidents
• Provide a most recent example of incident report ticket

Evidence example

From the suggested action above, an example is provided below.

See evidence provided under BIZOPS-8