Incident Management Policy

Document ID: DPWAT-ISMS-POL-008
Version: 1.0
Owner: ISMS Manager / CISO (RMSI) — Timo Andreas Bejan
Approved by: Administrator (ADM) — Anna Boros
Effective date: 2025-10-15
Next review: 2027-02-01 (or on major change)

1. Policy

All personnel must report suspected information security incidents immediately.

DP WAT investigates, contains, and resolves incidents to minimize impact, meet obligations, and improve controls.

2. What to report

• Suspicious emails or credential prompts
• Lost/stolen devices
• Unauthorized access or suspected account compromise
• Malware or unexpected system behavior
• Accidental disclosure of customer information or source code

3. Roles

• CISO coordinates incident response and maintains the incident register.
• Administrators and Process Owners support containment and recovery.

4. Records

Incidents are recorded in incident-register with supporting evidence in 07-records/.