In accordance with Company’s information security policy, it is mandatory to document effective incident and problem management procedure with a goal to improve service level by reducing the frequency of problems recurrence and to prevent, detect and correct information security deficiencies. The activities taken in various problems’ solving process may be very different and this depends on platform, system or character of problem. Therefore the objective of this procedure is to describe general steps for incident and problem management regardless of the system and technology platform used.

To maintain information security in ongoing operations, it is necessary to take into considerations and to have developed and implemented a procedure for the handling of security incidents. A security incident refers to an event whose impact could cause significant loss or damage. To prevent or contain any loss or damage, security incidents should be dealt with swiftly and efficiently. If there is a predefined procedure available to be invoked, then reaction times can be minimized. The possible loss or damage which could occur in a security incident can affect the confidentiality, integrity and availability of data.