3.3.9 Problem Management
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Principle
Criteria and procedures to report problems should be defined to limit recurring incidents and to minimize the impact of incidents on the Member Organizations.
Control Requirements
| 1. | The problem management process should be defined, approved, implemented and communicated. | |
| 2. | The effectiveness of the problem management process should be measured and periodically evaluated. | |
| 3. | The problem management process should include the following requirements but not limited to: | |
| a. | identification, classification and prioritization of problem; | |
| b. | logging and monitoring of problem; | |
| c. | resolution and closure of problem; | |
| d. | the protection of relevant evidence and loggings; | |
| e. | impact assessment such as financial, data, customer and/or reputational; | |
| f. | date and time of the problem; | |
| g. | name of the impacted services and systems; | |
| h. | root-cause analysis; and | |
| i. | corrective actions. | |
| 4. | The Member Organizations should maintain a database for known error records. | |