T8.3.2 - REPORTING INFORMATION SECURITY EVENTS Implementation Guidance
The entity shall report information security events through appropriate management channels.
Back to T8.3.2 - P4 - REPORTING INFORMATION SECURITY EVENTS
All employees and external party users should be made aware of their responsibility to report any information security events as quickly as possible. They should also be aware of the procedure for reporting information security events and the point of contact (POC) where the events should be reported to.
Situations to be considered for information security event reporting include:
- A. Ineffective security control
- B. Breach of information integrity, confidentiality or availability expectations
- C. Human errors
- D. Non-compliances with policies or guidelines
- E. Breaches of physical security arrangements
- F. Uncontrolled system changes
- G. Malfunctions of software or hardware
- H. Access violations
