Collecting Evidence of an Information Security Breach

Evidence of an Information Security breach must be collected to comply with statutory, regulatory or contractual obligations and avoid breaches of criminal or civil law. Advice on specific legal requirements should be sought from the organisation's legal advisers. Legal requirements vary from country to country.

To view the related Policy click      

  • Evidence collected for a disciplinary hearing may be too weak to bring disciplinary charges. The threat to security posed by the staff member remains.

  • Log all Information Security incident data and responses in a format suitable for use in a legal case. When collecting evidence consider:
  1. Rules for evidence: To have adequate evidence to support an action against a person or organisation.
  2. Admissibility of evidence: Complying with any standard or code of practice for the production of admissible evidence.
  3. Quality and completeness of evidence: To achieve quality and completeness of the evidence, a strong evidence trail is needed.


Previous PageTop of this pageNext Page

Information Security Policies from US$595


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word


Next PageUpPrevious Page