ISO:Incident Reporting\Handling and Management
Incident Reporting\Handling and Management
Information Security weaknesses, events and incidents are reported immediately they are seen or experienced to the ISM, on form REC 13.1A which is kept on the Hornbill Technologies network. The person making the report will email a copy of the completed form to the Information Security Manager (ISM) and the Cloud Support Team. The e-mail will be flagged ‘Urgent’, and where possible will be preceded by a telephone call to the Information Security Manager (ISM). All reports should also be followed up by a telephone call to the Information Security Manager (ISM).
All Information Security weaknesses, events and incidents are, immediately upon receipt, assessed and categorised. As part of closing out the event or incident this assessment is documented. Initially, there are four categories: Events, weaknesses, incidents and unknowns: -
‘Events’ are occurrences that, after analysis, have no or very minor importance for Information Security;
‘Weaknesses’ are vulnerabilities that, after analysis, clearly exist as significant weaknesses compromising Information Security;
‘Incidents’ are occurrences of events (or series of events) that have a significant probability of compromising Hornbill Technologies’ Information Security;
‘Unknowns’ are those reported events or weaknesses that, after initial analysis, are still not capable of allocation to one of the four categories.
The ‘unknowns’ are subject to further analysis to allocate them to one of the other three categories as soon as possible.
The Information Security Manager (ISM) is responsible for closing out the incident. This includes any reports to external authorities, initiating disciplinary action as appropriate by referring the incident to the Information Security Manager; planning and implementing preventative action to avoid any further recurrence, initiating any action for compensation from software, service or outsource suppliers by referring the incident to the Information Security Manager, and communicating with those affected by or involved in the incident about returning to normal working and any other issues.
Notifications of service provision incidents (Not software\Application) effecting more than 1 instance will be available via the Hornbill Cloud twitter account (Customers are advised to follow this), our status page and blog (Blog will provide further details and full write-up once incident is over).
Primary, Secondary and Authoritative contacts will be notified by email of any ongoing incident that lasts longer than 15 minutes with status updates every 30 minutes should the incident continue.