BIZOPS-20 Security Incident Change Management

What is BIZOPS-20 Security Incident Change Management Control?

Security incident change management is an important process. Depending on the nature of the incident or violation, a code change may be needed. It is important to track such instances and ensure that the code change follows the existing change management process of approval, code review, and deployment to production.

Available tools in the marketplace 

Tools

No tool recommendations are made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• TrustCloud incident report template

Control implementation

To implement this control,

• Document in the incident management policy that incidents resulting in code changes follow the change management process.
• Track such incidents by linking them to the change ticket.
• Document in the change ticket the origination of the change request.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide a recent example of an incident report ticket that includes a link to a change ticket (if applicable).
2. Provide the corresponding change ticket, which shows evidence that the code change origination was the incident (if applicable).

Evidence example

For the suggested action, an example is provided below:

1. Provide the most recent example of an incident report ticket that includes a link to a change ticket.
   Refer to the incident report example under BIZOPS-8 as an example of evidence.
   
2. Provide the corresponding change ticket, which indicates that the origination was the incident.
   The following screenshot shows the change ticket.