Incident Management Procedure Policy
1. Purpose
The purpose of this IT Incident Management Standard is to provide guidelines for managing all IT incidents, including cyber incidents.
2. Definitions
Incident: An unexpected event that disrupts business operational processes or reduces the quality of work, or something that has the potential to cause harm or danger, property damage or environmental damage.
Cyber incident: A security event that compromises the integrity, confidentiality and availability of an information asset.
Common examples of incidents that must be reported are:
- loss of data, equipment, service or facilities,
- system malfunctions or overloads,
- human errors,
- non-compliance with policies, procedures or guidelines,
- uncontrolled system changes,
- malfunction of software or hardware – these, or other anomalous system behaviour, may be an indicator of a security attack or actual breach and must always be reported and investigated,
- access control violations,
- phishing attacks/suspicious emails.
3. Incident Reporting Channels
All IT incidents must be reported to RFG Foods IT Management and line management via email, telephone or helpdesk as soon as possible.
Security weaknesses may be observed by any employee. Whilst they may not represent an incident, they must be reported for further investigation and remedial action as necessary. They must be reported to IT Management and line management as soon as possible to prevent an incident occurring. Employees must not attempt to prove that an observed system weakness can be exploited. Testing system weaknesses could be interpreted as potential misuse of the system and may cause an information security incident to occur.
4. Key IT Contacts

5. Incident Management Procedure




7. Appendix A: Risk Management Impact Assessment
