Develop and follow internal procedures for evidence management involving InfoSec events for corrective or legal actions. Admissible evidence should be collected according to which storage media and device types are involved. Seek certification or similar ways to qualify and improve the worth of preserved evidence. Consider jurisdictional requirements for admission of evidence in relevant courts. Ensure the organization can gather digital evidence that transcends organizational or jurisdictional boundaries.
Conformance1
Tools for conforming to standards, goals and processes
