ISMS Policies

Incident Management Plan

1. Objective

To outline the plan for reporting and managing incidents by managing information security risks. The audience for this document is all employees of Integra. Employees should use this document to formulate and execute a plan for incident reporting and business resumption.

2. Scope

This is applicable to all the centers of Integra.

3. Reference

Standard ISO 27001:2022 Information Security Management System

Controls: A 5.24, A 5.25, A 5.26, A 5.27, A 5.28, A 6.8

4. Definition

This document is organized as follows:

  • Describes Integra’s strategy towards incident management.
  • Explains the processes to respond to an IT security incident.
  • Explains the governance process over incident management.

5. General Principles

5.1 Call Tree and Contacts

5.1.1 Notification Calling Tree

The following diagram provides the calling tree of Integra employees. The calling tree for external suppliers is provided in the following sections. The contact details are provided in the key personnel contact information.

5.2 Incident Management Strategy

5.2.1 Information Security Policy

Please refer to the latest version of the Integra Information Security Policy, IGS/ISP 024.

5.2.2 IT Security Risk Analysis

Integra is predominantly an offshore-based Business Process Outsourcing and software services organization with a key focus on outsourcing projects. This section lists the IT assets to be protected, the set of sources that can make the assets vulnerable to security threats, and the impact in the event of a security incident.

5.2.3 Sources of Vulnerability

The following are the sources of vulnerability and violations that can compromise IT security.

The list is not comprehensive; it has evolved based on current visibility.

5.2.4 Impact of Incident

Security incidents can have the following impacts:

  • Legal action by relevant authorities
  • Penalties due to breach of contracts and agreements
  • Financial loss to correct or contain problems
  • Loss of time to correct or contain problems
  • Loss of reputation with customers or across industry
  • Stoppage or suspension of critical business
  • Loss of business
  • Suspension or revocation of ISO 27001 certificate

5.2.5 Incident Detection

Because the number of IT assets that can be affected, the impact of an incident, and the vulnerabilities are all high, there need to be multiple channels to detect incidents.

5.2.6 Incident Response

The call tree for incident reporting is provided at the beginning of the document. All incidents have to be reported to the Chief Information Security Officer (CISO). An incident report has to be prepared for all incident types.

5.2.7 Post Incident Review Meeting

The CISO conducts a post-incident review meeting, or “lessons learned” discussion, within 7 days of completing the recovery. The CISO completes the Lessons Learned template before closing the incident.

During this meeting, the following items are discussed and documented:

  • Step-by-step walkthrough of incident
  • Root cause analysis
  • Risks and vulnerabilities that led to the security incident
  • Similar security incidents that have occurred in the past
  • Identified key areas of success related to the incident
  • Identified areas for improvement related to the incident
  • Any improvements that could be made to the Security Incident Response Plan
  • Any patterns or recurring security incidents
  • Completed remediation tasks
  • Updates on identified risks

Post-incident review meetings allow decision makers to identify the factors that contributed to an incident and to determine corrective actions that will prevent or reduce recurrence. This proactive response increases the security posture of the organization as a whole over time, and allows the organization to move forward in a manner that matches the emerging threat landscape.