RS.AN-06.326

Does your organization require incident leads to document security incidents in detail and maintain the integrity of all incident documentation and information sources?

Explanation

This question assesses whether your organization has formal requirements for incident documentation that preserve the chain of custody and accuracy of information during security incidents. Proper documentation by a designated incident lead ensures accountability, provides a reliable record for post-incident analysis, and supports potential legal or compliance requirements. It also helps maintain consistency in how incidents are recorded across the organization. Evidence could include an incident response policy document that explicitly assigns documentation responsibilities to incident leads, incident report templates that include fields for documenting information sources, or completed incident reports showing proper documentation practices with chain of custody maintained.

Implementation Example

Require the incident lead to document the incident in detail and to be responsible for preserving the integrity of the documentation and the sources of all information being reported.

ID: RS.AN-06.326

Context

Function: RS: RESPOND
Category: RS.AN: Incident Analysis
Sub-Category: Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
