Incident Reporting Procedure Policy

• Table of Contents

  • EDC Inc Incident Reporting Procedure Policy
  • 1. Purpose
  • 2. Scope
  • 3. Definitions
  • 4. Incident Reporting Procedure
  • 5. Incident Management
  • 6. Incident Resolution
  • 7. Incident Review
  • 8. Compliance
  • 9. Review and Update
  • Summary

EDC Inc Incident Reporting Procedure Policy

This policy outlines the procedures for reporting and managing incidents at EDC Inc. It is designed to ensure that all incidents are reported in a timely manner, properly investigated, and that appropriate corrective actions are taken.

1. Purpose

The purpose of this policy is to establish guidelines for reporting and managing incidents that may impact the operations, assets, or reputation of EDC Inc. This includes incidents related to IT systems, physical security, and compliance issues.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of EDC Inc. It covers all incidents that occur within the company’s premises or that involve the company’s assets or systems.

3. Definitions

• Incident: An event that is not part of the standard operation of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service.
• Active Directory: A directory service developed by Microsoft for Windows domain networks. It authenticates and authorizes all users and computers in a Windows domain type network.
• CMDB: Configuration Management Database, an ITIL database used by an organization to store information about hardware and software assets.
• CAB: Change Advisory Board, a body that exists to support the authorization of changes and to assist change management in the assessment and prioritization of changes.

4. Incident Reporting Procedure

All incidents must be reported to the IT-SOC (Incident Management) department as soon as they are identified. The report should include a detailed description of the incident, the date and time it occurred, the systems or assets affected, and any other relevant information.

5. Incident Management

The IT-SOC department is responsible for managing all reported incidents. This includes investigating the incident, determining its impact, and coordinating the response. The IT-SOC department will also liaise with other relevant departments, such as IT Security Operations, IT Server Operations, and Corporate Physical Security, as necessary.

6. Incident Resolution

The IT-SOC department will work with the relevant departments to resolve the incident and restore normal operations as quickly as possible. This may involve patching servers, updating the Active Directory, or making changes to the CMDB. All changes must be approved by the CAB.

7. Incident Review

Once the incident has been resolved, the IT-SOC department will conduct a review to determine the cause of the incident and to identify any lessons learned. The results of this review will be shared with the relevant departments and used to improve the company’s incident management procedures.

8. Compliance

All employees, contractors, and third-party service providers are required to comply with this policy. Failure to do so may result in disciplinary action, up to and including termination of employment or contract.

9. Review and Update

This policy will be reviewed and updated on an annual basis, or as needed, by the IT Audit and Compliance department. Any changes to the policy will be communicated to all employees, contractors, and third-party service providers.

Summary

The Incident Reporting Procedure Policy at EDC Inc is designed to ensure that all incidents are reported and managed in a timely and effective manner. It sets out clear procedures for reporting incidents, managing incidents, resolving incidents, and reviewing incidents. It also emphasizes the importance of compliance with the policy and outlines the consequences of non-compliance. By following this policy, EDC Inc aims to minimize the impact of incidents on its operations, assets, and reputation.