How to Document Security Incidents for Compliance in 10 Steps


Many organizations are subject to regulations that enforce compliance with federal standards, such as HIPAA. This is because these organizations often operate in sensitive ways, such as handling customers’ personal data, and enforcing regulations can be necessary to ensure properly heightened security. However, it’s impossible to predict every outcome, and security incidents are very likely to occur.

One of the chief compliance requirements is for organizations to document such security incidents. This article will detail the steps that organizations will want to use if they are documenting security incidents for compliance.

When security incidents occur, documentation is required for compliance. The Security Officer for the organization is the individual responsible for this documentation, whether in an electronic or written format.

Step 1: Security Incident Report – Contact Information

The security incident report needs to contain certain information to meet compliance. It is best to create a form that groups this information into separate sections.

The first section that you will want to make is Contact Information. The information should include:

  • The reporting individual’s name and title
  • Both work and mobile phone numbers
  • Name of the organization’s security officer
  • Email address
  • Fax number

Step 2: Security Incident Description

Next, the security incident report should have a section designated for the description of the security incident. This section is where you want to be brief but include as much detail as possible about the security incident. Not only will this look good for compliance auditors, but it will also serve as good documentation of commonly occurring security issues your organization faces.

Step 3: Impact/Potential Impact

Document any impact that this security incident may have had on your organization. You can present this as a free-form text box to be filled, check boxes next to predefined impact types or an approach where you

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding.