This document highlights the standard requirements for Information Security Incident Handling within the Company.
The objectives of this standard are to:
a. Provide an incident handling process for use when Company network resources, servers, desktops, or other computing devices are compromised
b. Be prepared for an incident and follow the process detailed below to enable the Company support personnel to handle incidents consistently and appropriately
This standard applies to all Company owned or leased computing devices and network infrastructure and resources in general.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
4.2 INFORMATION SECURITY INVESTIGATION
4.4 ERADICATION AND RECOVERY
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The objective of this policy is to define standards, procedures, and restrictions for end users who are connecting a personally-owned device to Company’s organization network for business purposes.
The Records Management Policy outlines the principles and minimum standards for Record creation, classification, retention and destruction within the Company and its subsidiaries, affiliates, branches and representative offices.