LUL - S1795

Information Security Incident Management

active, Most Current
Organization: LUL
Publication Date: 1 March 2022
Status: active
Page Count: 9
Scope

The scope of this Standard is to define the impact caused by an information security incident and the associated requirements for the development, implementation, management and ongoing review of TfL's information security incident management response to provide a consistent approach.

This relates to all employees, contractors and sub-contractors (third parties) who must report an information security incident when they become aware of it.

It also applies to the Cyber Security team who will co-ordinate and manage the response to the incident.

Examples of information security incidents

Note: Not an exhaustive list.

An information security incident can result in:

• Reduced or weakened system access or integrity

• Legal action

• Disruption of activity

• Corruption of information

• Unauthorised access to applications or information

• Unauthorised access to IT equipment

• Financial loss including unauthorised disclosure of payment card information

• Loss of system or information availability

• Loss of mobile device holding critical or sensitive data

• Loss of, or inappropriate disclosure of, personal data or business sensitive information, whether electronic or on paper or any other form, including verbal conversation.

Purpose

This Standard details the requirements for the management of information security incidents, events and weaknesses. This Standard ensures a consistent approach to the lifecycle of incidents, events and weaknesses and underpins the effectiveness of the IT Information Security Management System (ISMS).

The document details the information security controls defined within ISO27001 and required to ensure a consistent and effective approach to the management of information security incidents, including communication on security events and identified weaknesses.

The standard also supports the Information Technology Security Policy (P116) to manage and protect the confidentiality, integrity and availability of TfL's information assets from threats and vulnerabilities.

Document History

S1795
March 1, 2022
Information Security Incident Management
The scope of this Standard is to define the impact caused by an information security incident and the associated requirements for the development, implementation, management and ongoing review of...
