Understanding Security Policy Types: Policy Template vs. Detailed Procedure

Last updated: May 13, 2025

The system contains two types of security incident management documents, each serving a distinct purpose:

Security Incident Management Policy

This is a high-level policy template that outlines:

  • Ownership and governance structure

  • High-level framework

  • Communication principles

  • General policy guidelines

ISMS Incident Management Procedure

This is a detailed procedural document that provides specific step-by-step instructions and detailed processes for handling security incidents.

While both documents are typically included in security audits, the high-level policy template is optional and can be removed if it doesn't meet your organization's needs. The detailed ISMS procedure document is essential and should be maintained.