Content library
Incident management and response
Reporting of major incidents to competent authorities
Incident management
Incident management and response

Reporting of major incidents to competent authorities

Start free trial

Task description

Reporting of major incidents to competent authorities

In case of major incidents, the organization must report them to the authorities defined in their national application of DORA. Reporting of major incidents should include:

  1. First notification
  2. Intermediate report (as status of the incident changes)
  3. Final report when root cause analysis is done

When an incident affects clients' financial interests, they must be promptly informed and provided with necessary details about mitigation actions. In the case of cyber threats, clients should be notified if they might be affected and advised on protective measures to take.

The relevant competent authorities are defined in Article 46 of DORA

Requirements connected to the task

Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
Digital Operational Resilience Act (DORA)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Reporting of major incidents to competent authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
DORA
See all related requirements and other information from tasks own page.
Go to >
Reporting of major incidents to competent authorities
Communication in the event of an incident and preperations
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

13 a §: Häiriötilanteista tiedottaminen ja varautuminen häiriötilanteisiin
TiHL
2.8: Häiriötilanteista tiedottaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Communication in the event of an incident and preperations
Personnel guidelines for reporting security incidents
Critical
High
Normal
Low
Incident management and response
61
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9a §: Poikkeamien havainnointi
Kyberturvallisuuslaki
1.6.1: Reporting of security events
TISAX
1.3.2: Classification of information assets
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for reporting security incidents
Designation of an incident management team
Critical
High
Normal
Low
Incident management and response
52
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.1.1: Establish plans for incident management
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Designation of an incident management team
Treatment process and documentation of occurred security incidents
Critical
High
Normal
Low
Incident management and response
74
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.4.2: Review identified compromised security measures
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Treatment process and documentation of occurred security incidents
The step-by-step process of notification of incidents to the authorities
Critical
High
Normal
Low
Incident management and response
52
requirements

Examples of other requirements this task affects

Članak 37: Obavještavanje o značajnim incidentima
NIS2 Croatia
12 §: Poikkeamaa koskeva väliraportti
Kyberturvallisuuslaki
13 §: Poikkeamaa koskeva loppuraportti
Kyberturvallisuuslaki
11 §: Poikkeamailmoitukset viranomaiselle
Kyberturvallisuuslaki
35 § 1°: Processus de notification des incidents au CSIRT
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities
Notification of exploited vulnerabilities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 14.1-2: Reporting obligations of manufacturers
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of exploited vulnerabilities
Incident management and response capability
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 25: Security attestation of free and open-source software
CRA
§ 7: Krav om sikkerhet for tilbydere av samfunnsviktige tjenester
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Incident management and response capability
Notification of an incident affecting the products
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 14.3-4: Incident notification
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of an incident affecting the products
Communication of the incident response plan to stakeholders
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

13.1.a: Preventing incidents
CER
See all related requirements and other information from tasks own page.
Go to >
Communication of the incident response plan to stakeholders
Testing business continuity plans with severe scenarios
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Testing business continuity plans with severe scenarios
Anomaly criteria for triggering incident respone
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Anomaly criteria for triggering incident respone
Prioritization of security alerts
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Prioritization of security alerts
Documentation and notifications of PHI breaches
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation and notifications of PHI breaches
Burden of Proof for breach notifications
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Burden of Proof for breach notifications
Process for immediate notification to the Information and Communication Center (Belgium)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 14.1: Notification de services déterminés
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Process for immediate notification to the Information and Communication Center (Belgium)
Handling vulnerability reports from national CSIRTs
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

30: Înființarea și autorizarea CSIRT-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Handling vulnerability reports from national CSIRTs
Ensure CSIRT compliance with national operational and security requirements (Romania)
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

32: Cerințele operaționale, de securitate și de cooperare pentru csirt-uri
NIS2 Romania
31: Obligațiile și autorizarea csirt-urilor
NIS2 Romania
33: Responsabilitățile și serviciile csirt-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure CSIRT compliance with national operational and security requirements (Romania)
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

15.2: Modalitatea de raportare
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
The step-by-step process of notification of incidents to the authorities (Cyprus)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

35B.4: Ειδοποίηση περιστατικού πολλαπλών σταδίων
NIS2 Cyprus
35B.1: Αναφορά Σημαντικών Περιστατικών
NIS2 Cyprus
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Cyprus)
Guidelines for information exchange with authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 11: Übermittlung und Nutzung der Informationen
CSV
See all related requirements and other information from tasks own page.
Go to >
Guidelines for information exchange with authorities
Process for supplementary incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 16: Frist zur Erfassung der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for supplementary incident reporting
Procedure for reporting cyberattacks
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 15: Inhalt der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Procedure for reporting cyberattacks
Guidelines for identifying reportable cyberattacks (Switzerland)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 14: Zu meldende Cyberangriffe
CSV
Art. 15: Inhalt der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Guidelines for identifying reportable cyberattacks (Switzerland)
Process for information exchange with BACS (Switzerland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 8: Sichere und automatisierte Informationsaustauschsysteme
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for information exchange with BACS (Switzerland)
The step-by-step process of notification of incidents to the national security authority
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 4-5.1: Varslingsplikt
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the national security authority
Process for Monitoring Protective Security and Reporting Incidents
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 2.1: Skyldigheter för den som bedriver säkerhetskänslig verksamhet
SSL
See all related requirements and other information from tasks own page.
Go to >
Process for Monitoring Protective Security and Reporting Incidents
Procedure for emergency notifications to authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

13.3: Underretningspligt i beredskabssituationer
NIS2 Denmark
See all related requirements and other information from tasks own page.
Go to >
Procedure for emergency notifications to authorities
Define and document internal notification triggers
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
§ 13.1: Beredskapsplanlegging for hendelser
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Define and document internal notification triggers
Notifying the public of a significant incident
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 17.2: Informing the public
CRA
Članak 41: Obavještavanje javnosti o značajnom incidentu
NIS2 Croatia
See all related requirements and other information from tasks own page.
Go to >
Notifying the public of a significant incident
Submitting a monthly progress report
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 25.5: Notifiche di incidenti
NIS2 Italy
See all related requirements and other information from tasks own page.
Go to >
Submitting a monthly progress report
Conducting incident response exercises
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

17.7: Conduct Routine Incident Response Exercises
CIS 18
§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Conducting incident response exercises
Establishing and maintaining an incident response process
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

17.4: Establish and Maintain an Incident Response Process
CIS 18
11.4: Abordare cuprinzătoare a securității cibernetice
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining an incident response process
Designating incident management key personnel
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

17.1: Designate Personnel to Manage Incident Handling
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Designating incident management key personnel
User notification procedure for significant service disruptions
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

34.(4): Incidentu un draudu paziņojumi pakalpojumu saņēmējiem
NIS2 Latvia
Art. 25.10: Notifiche di minacce ai destinatari dei servizi
NIS2 Italy
Art. 25.9: Notifiche di incidenti ai destinatari del servizio
NIS2 Italy
32.2: Ontvangers informeren over cyberdreigingen
NIS2 Netherlands
32.1: Ontvangers informeren over belangrijke incidenten
NIS2 Netherlands
See all related requirements and other information from tasks own page.
Go to >
User notification procedure for significant service disruptions
Submitting a progress report
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

34.(6): Progresa ziņojums par incidentu
NIS2 Latvia
31.2: Voortgangsverslag
NIS2 Netherlands
See all related requirements and other information from tasks own page.
Go to >
Submitting a progress report
Defining threshold for incident recovery measures
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

RS.MA-05: Incident recovery criteria
NIST 2.0
13.1.d: Recovering from incidents
CER
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for incident recovery measures
Public communication on incident recovery measures
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

RC.CO-04: Public updates on incident recovery are shared
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Public communication on incident recovery measures
Incident response documentation and integrity
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

RS.AN-06: Records of investigation of incident
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Incident response documentation and integrity
Including suppliers in incident management
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

ID.IM-02: Improvements from security tests and exercises
NIST 2.0
GV.SC-08: Including relevant suppliers and third parties in incident activities
NIST 2.0
13.1.c: Responding to incidents
CER
See all related requirements and other information from tasks own page.
Go to >
Including suppliers in incident management
Creating and maintaining incident response plans
Critical
High
Normal
Low
Incident management and response
16
requirements

Examples of other requirements this task affects

4.1.1: Establish plans for incident management
NSM ICT-SP
ID.IM-04: Incident response and cybersecurity plans
NIST 2.0
PR.IR-03: Meeting resilience requirements
NIST 2.0
RC.RP-01: Recovery plan
NIST 2.0
RS.MA-01: Incident response plan execution
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining incident response plans
Identifying the impact on business processes
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

4.3.1: Identify extent and impact on business processes
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identifying the impact on business processes
Enriching incident information to ensure an effective response
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
38: Kiberuzbrukumu attiecināšana
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Enriching incident information to ensure an effective response
Documenting incident activities by establishing a response timeline
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Documenting incident activities by establishing a response timeline
Developing and executing a recovery plan
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

4.3.4: Launch recovery plan during or after the incident
NSM ICT-SP
Article 39: Components of the ICT business continuity plan
DORA simplified RMF
13.1.d: Recovering from incidents
CER
§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Developing and executing a recovery plan
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

4.3.6: Perform necessary activities after the incident
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Ensuring the safe failure of the critical systems in a network loss
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

PR.AC-5: Network integrity (network segregation, network segmentation… ) is protected.
CyberFundamentals
§ 10.e: Systemrobusthet og tilgjengelighet
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Ensuring the safe failure of the critical systems in a network loss
Defining security events and incidents
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
DE.AE-08: Incidents declaration criteria
NIST 2.0
17.9: Establish and Maintain Security Incident Thresholds
CIS 18
Article 31: ICT risk management
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Defining security events and incidents
Internal communication in an incident situation
Critical
High
Normal
Low
Incident management and response
8
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
RS.CO-03: Sharing Information with stakeholders
NIST 2.0
DE.AE-06: Information on adverse events
NIST 2.0
RS.CO-02: Notifying stakeholders of incidents
NIST 2.0
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Internal communication in an incident situation
Process for categorization of security incidents
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

1.6.2: Management of reported events
TISAX
RS.MA-04: Incidents escalation and elevating
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Process for categorization of security incidents
Classification of incidents
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

Article 18: Classification of ICT-related incidents and cyber threats
DORA
4.2.1: Review log data and collect relevant data on the incident to create a good basis for making decisions
NSM ICT-SP
4.2.2: Determine the severity level of the incident
NSM ICT-SP
RS.MA-03: Incident classification
NIST 2.0
RS.AN-08: Incident’s magnitude
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Classification of incidents
Sufficient resourcing of ICT-environment monitoring
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
Sufficient resourcing of ICT-environment monitoring
Consideration of classified information in the incident management
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

T-06: TOIMINTAHÄIRIÖT JA POIKKEUSTILANTEET
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Consideration of classified information in the incident management
Reporting security breach to authorities
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

T-07: TURVALLISUUSPOIKKEAMIEN HALLINTA
Katakri 2020
Art. 14: Zu meldende Cyberangriffe
CSV
Art. 8: Sichere und automatisierte Informationsaustauschsysteme
CSV
See all related requirements and other information from tasks own page.
Go to >
Reporting security breach to authorities
The first level response process to security incidents
Critical
High
Normal
Low
Incident management and response
50
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.2.1: Review log data and collect relevant data on the incident to create a good basis for making decisions
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
The first level response process to security incidents
Defining cyber security metrics for cyber security breaches
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

RESPONSE-2: Analyze Cybersecurity Events and Declare Incidents
C2M2
Article 17: ICT-related incident management process
DORA
17.9: Establish and Maintain Security Incident Thresholds
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Defining cyber security metrics for cyber security breaches
Processes for reporting information security events related to offered cloud services
Critical
High
Normal
Low
Incident management and response
12
requirements

Examples of other requirements this task affects

16: Information security incident management
ISO 27017
16.1: Management of information security incidents and improvements
ISO 27017
16.1.2: Reporting information security events
ISO 27017
ID.RA-3: Threat identification
NIST
DE.DP-4: Event detection
NIST
See all related requirements and other information from tasks own page.
Go to >
Processes for reporting information security events related to offered cloud services
Identification and monitoring of event sources
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

DE.AE-3: Event data
NIST
TEK-13: Poikkeamien havainnointikyky ja toipuminen
Julkri
RESPONSE-1: Detect Cybersecurity Events
C2M2
DE.AE-3: Event data are collected and correlated from multiple sources and sensors.
CyberFundamentals
DE.CM-03: Monitoring personnel activity and technology usage
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Identification and monitoring of event sources
Defining threshold for cyber security breach
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

DE.AE-5: Incident alert thresholds
NIST
RESPONSE-2: Analyze Cybersecurity Events and Declare Incidents
C2M2
Article 17: ICT-related incident management process
DORA
DE.AE-5: Incident alert thresholds are established.
CyberFundamentals
DE.AE-08: Incidents declaration criteria
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for cyber security breach
Detection process testing and compliance
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

DE.DP-2: Detection activities
NIST
TEK-13: Poikkeamien havainnointikyky ja toipuminen
Julkri
CC7.2: Monitoring of system components for anomalies
SOC 2
DE.DP-2: Detection activities comply with all applicable requirements.
CyberFundamentals
39: Koordinēta ievainojamību atklāšana
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Detection process testing and compliance
Incident containing measures
Critical
High
Normal
Low
Incident management and response
20
requirements

Examples of other requirements this task affects

RS.MI-1: Incident containment
NIST
Article 17: ICT-related incident management process
DORA
RS.MI-1: Incidents are contained.
CyberFundamentals
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
14.5.3.a): Kibernetinių incidentų valdymą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Incident containing measures
Managing evidence information for information security incidents
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

5.28: Collection of evidence
ISO 27001
6.2b: Häiriöiden hallinta ja menettelyt ongelmatilanteissa
Tietoturvasuunnitelma
4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
RS.AN-07: Incident data and metadata
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Managing evidence information for information security incidents
Definition of tolerable outages
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

27: Siedettävien toimintakatkoksien määrittely
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Definition of tolerable outages
Reporting data security incidents to the authorities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

35: Häiriöiden ilmoittaminen viranomaisille
Digiturvan kokonaiskuvapalvelu
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Reporting data security incidents to the authorities
Regular practice of security incident situations
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

36: Häiriötilanteiden säännöllinen harjoittelu
Digiturvan kokonaiskuvapalvelu
3.4.5: Test the organisation´s routines for detection and preparedness
NSM ICT-SP
4.1.6: Test and rehearse the plans regularly so that they are established
NSM ICT-SP
14.6: Train Workforce Members on Recognizing and Reporting Security Incidents
CIS 18
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Regular practice of security incident situations
Incident notifications for users of own services
Critical
High
Normal
Low
Incident management and response
29
requirements

Examples of other requirements this task affects

Članak 38: Obavještavanje primatelja usluga
NIS2 Croatia
14 §: Poikkeamasta ja kyberuhkasta ilmoittaminen muulle kuin viranomaiselle
Kyberturvallisuuslaki
34 § 1°: Notifications d'incidents au CSIRT et aux bénéficiaires des services
NIS2 Belgium
4.2.3: Inform relevant stakeholders
NSM ICT-SP
18.1.: Pranešimai apie incidentus CSIRT ir paslaugų gavėjams
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Incident notifications for users of own services
Communication about information security threats and protective measures affecting users of the services
Critical
High
Normal
Low
Incident management and response
22
requirements

Examples of other requirements this task affects

Članak 38: Obavještavanje primatelja usluga
NIS2 Croatia
14 §: Poikkeamasta ja kyberuhkasta ilmoittaminen muulle kuin viranomaiselle
Kyberturvallisuuslaki
34 § 2°: Notifications de menaces aux bénéficiaires des services
NIS2 Belgium
4.2.3: Inform relevant stakeholders
NSM ICT-SP
RS.CO-3: Information is shared consistent with response plans.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Communication about information security threats and protective measures affecting users of the services
Voluntary notifications of security incidents
Critical
High
Normal
Low
Incident management and response
11
requirements

Examples of other requirements this task affects

15 §: Vapaaehtoinen ilmoittaminen
Kyberturvallisuuslaki
34.(9): Brīvprātīga ziņošana
NIS2 Latvia
Article 15.2: Incident reporting
CRA
Art. 26.1: Notifica volontaria di informazioni pertinenti
NIS2 Italy
Članak 39: Obavještavanje na dobrovoljnoj osnovi
NIS2 Croatia
See all related requirements and other information from tasks own page.
Go to >
Voluntary notifications of security incidents
Whistle blowing -system
Critical
High
Normal
Low
Incident management and response
0
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Whistle blowing -system
Communicating the results of cyber security incident analysis
Critical
High
Normal
Low
Incident management and response
16
requirements

Examples of other requirements this task affects

16.1.6: Learning from information security incidents
ISO 27001
PR.IP-8: Protection effectiveness
NIST
DE.DP-4: Event detection
NIST
5.27: Learning from information security incidents
ISO 27001
CC2.2: Internal communication of information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Communicating the results of cyber security incident analysis
Regular periodic analysis and learning of incidents
Critical
High
Normal
Low
Incident management and response
46
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.4.1: Identify experiences and lessons learnt from incidents
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Regular periodic analysis and learning of incidents
Follow-up analysis for security incidents
Critical
High
Normal
Low
Incident management and response
26
requirements

Examples of other requirements this task affects

16.1.6: Learning from information security incidents
ISO 27001
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Omavalvontasuunnitelma
ID.RA-4: Impacts on business
NIST
DE.DP-5: Detection processes improvment
NIST
RS.AN-2: The impact of the incident
NIST
See all related requirements and other information from tasks own page.
Go to >
Follow-up analysis for security incidents
Ensuring sorting of cyber security events
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

DE.AE-2: Analyze detected events
NIST
RESPONSE-2: Analyze Cybersecurity Events and Declare Incidents
C2M2
Article 17: ICT-related incident management process
DORA
DE.AE-2: Detected events are analysed to understand attack targets and methods.
CyberFundamentals
RS.MA-02: Incident reports
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Ensuring sorting of cyber security events
Forensic investigation of incidents
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

RS.AN-3: Forensics
NIST
6.8: Asiakas- ja potilastietojärjestelmien pääsynhallinnan ja käytön seurannan käytännöt
Tietoturvasuunnitelma
RS.AN-3: Forensics are performed.
CyberFundamentals
4.3.6: Perform necessary activities after the incident
NSM ICT-SP
RS.AN-03: Incident analysis
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Forensic investigation of incidents
Consideration of environmental threats in risk and incident management
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

A1.2: Recovery of infrastructure according to objectives
SOC 2
13.1.a: Preventing incidents
CER
See all related requirements and other information from tasks own page.
Go to >
Consideration of environmental threats in risk and incident management

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security