SM-09 Incident & Security Monitoring

Problem Management

Root causes of recurring issues are addressed.

Domain: Incident & Security Monitoring
Control type: Detective
Automated / manual: Manual
Frequency: Per event
Framework reference: COBIT DSS03

What good looks like

Recurring incidents analysed for root cause; corrective actions tracked.

Risk if it fails

Recurring failures persist.

How Tess tests it

3 tests — each concludes only on cited evidence.

Problem-management process defined

Design

Procedure: Inspect the process.
Expected: RCA process defined.
Sample: 1 (design inspection)
Evidence: Problem records, RCA, corrective-action tracker.

Recurring incidents analysed (RCA)

Operating

Procedure: Sample problems.
Expected: Root-cause analysis performed.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Problem records, RCA, corrective-action tracker.

Corrective actions tracked to closure

Operating

Procedure: Inspect the tracker.
Expected: Actions closed.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Problem records, RCA, corrective-action tracker.

Evidence Tess looks for

Problem records, RCA, corrective-action tracker.

More in Incident & Security Monitoring

SM-01 Logging Standard & Retention SM-02 Access & Privileged Activity Logging SM-03 Time Synchronisation (NTP) SM-04 Security Alerting & Anomaly Monitoring

Want Tess to test SM-09 against your evidence?