3.3.9 Problem Management
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
Criteria and procedures to report problems should be defined to limit recurring incidents and to minimize the impact of incidents on the Member Organizations.
Control Requirements
| 1. | The problem management process should be defined, approved, implemented and communicated. | |
| 2. | The effectiveness of the problem management process should be measured and periodically evaluated. | |
| 3. | The problem management process should include the following requirements but not limited to: | |
| a. | identification, classification and prioritization of problem; | |
| b. | logging and monitoring of problem; | |
| c. | resolution and closure of problem; | |
| d. | the protection of relevant evidence and loggings; | |
| e. | impact assessment such as financial, data, customer and/or reputational; | |
| f. | date and time of the problem; | |
| g. | name of the impacted services and systems; | |
| h. | root-cause analysis; and | |
| i. | corrective actions. | |
| 4. | The Member Organizations should maintain a database for known error records. | |