Docy Child

BIZOPS-19 Security Incident Tracking

Estimated reading: 2 minutes 544 views

What is this control about?

Once an incident/violation has been identified, there must be a process to track the incident to resolution. This can be done in a formal way using a ticketing system or informally tracked in a folder. There is no right or wrong, however the preferred method is tracking using a ticketing system such as JIRA.

For each incident there must be an incident report that contains the details of the incident, the date it occurred, who identified/reported it, its impact, resolution, and lessons learned.

Available tools in the marketplace

 No tools recommendation for this section’

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

Control implementation

Implement a formal and repeatable process to track and remediate any identified incidents. This can include the following steps:

  • Create a folder or project in a ticketing system for tracking incidents only
  • Document the incident report and include:
    • The details of the incident
    • The date it occurred
    • Who identified/reported it
    • Its impact
    • Resolution
    • Lessons learned
    • Reporting if applicable

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

  • Provide screenshot of the folder of ticketing system used to track incidents
  • Provide a most recent example of incident report ticket

Evidence example

From the suggested action above, an example is provided below.

See evidence provided under BIZOPS-8




Join the conversation

Twitter Facebook LinkedIn

❤️  Joyfully crafted by a 100% distributed team.