Professional Documents
Culture Documents
467
18.1 Purpose:
18.1.1 The purpose of this Policy is to prevent security incidents, limit the damage if an incident occurs,
awareness of Information Security related issues and to improve HCT IT process to serve
the business effectively at HCT. This policy also addresses handling of incidents that might
cause a disturbance to business continuity. The Incident Management Policy applies to all the
users of HCT.
18.2 Scope:
This policy applies to all HCT staff and students.
18.3 Policy:
Page 40 of 60
Central Services تامدخال ةيزكرمال
PO Box 25026, Abu Dhabi, United Arab Emirates, Tel: +971 2 681 4600, Fax: +971 2 681 5833
Website: www.hct.ac.ae
IT Security Policy v1.0
Classification: Internal
18.3.3.5 Escalation Procedure shall be defined to escalate the incident to management and
relevant parties to ensure that important decisions are promptly taken.
18.3.3.6 Procedures shall be developed, documented and updated to record any security
breach, whether accidental or deliberate.
18.3.3.7 Whenever a Security breach occurs each incident shall be logged, assigned for
follow-up, analyzed, recommendation shall be made in respect of prevention.
18.3.3.8 Local IT Department shall be responsible for auditing the incidents on periodic basis and
ensure that preventive action process is in place to address such further incidents.
18.3.3.9 Local IT Department shall ensure that adequate details relating to software
malfunctions (Security related malfunctions) are recorded and the actions to be
followed are implemented.
18.3.3.10 Security review and audit of all IT systems shall be conducted on a regular basis to
promptly
identify any possible security loopholes and/or areas of improvement to the system.
18.3.3.11 Appropriate disciplinary action against individuals who caused the incident shall be
initiated.
Page 40 of 60
Central Services تامدخال ةيزكرمال
PO Box 25026, Abu Dhabi, United Arab Emirates, Tel: +971 2 681 4600, Fax: +971 2 681 5833
Website: www.hct.ac.ae