This policy shall be reviewed by relevant stakeholders, who shall send feedback, and shall be approved by the relevant Decision Makers, with the final approval of the Legal Department, for implementation.

Furthermore, please check the latest BSP MORB Guidelines and Requirements to confirm the policies and procedures stated herein.

Introduction:

This policy outlines the procedures for identifying, responding to, and reporting security incidents within the organization. This policy is intended to ensure the confidentiality, integrity, and availability of IT systems and resources by quickly identifying and mitigating security incidents.

Scope:

This policy applies to all employees, contractors, and other individuals who are responsible for the operation and maintenance of IT systems and resources, including but not limited to: servers, databases, applications, and network resources.

Policy:

  1. Incident identification:

  • All employees, contractors, and other individuals must be trained to recognize security incidents and report them to the designated IT administrator or an authorized representative.

  • Security incidents must be reported immediately to the designated IT administrator or an authorized representative.

  • Security incidents must be classified based on their severity and impact.

  2. Incident response:

  • The IT department must establish a process for responding to security incidents, including incident classification, escalation, and communication.

  • The IT department must establish procedures for preserving evidence and conducting investigations.

  • The IT department must establish procedures for containing and mitigating security incidents.

  3. Incident reporting:

  • The IT department must establish a process for reporting security incidents to the appropriate authorities, including the BSP.

  • The IT department must establish procedures for documenting and analyzing security incidents.

  • The IT department must establish procedures for communicating security incidents to affected parties.

Implementation:

  • The IT department is responsible for the implementation and enforcement of this policy.

  • The IT department must establish a process for incident identification, response, and reporting.

  • The IT department must conduct regular audits to ensure compliance with this policy.

Enforcement:

  • Non-compliance with this policy may result in disciplinary action, up to and including termination of employment or contract.

  • Any suspected violations of this policy must be reported to the IT department immediately.