Content library
Incident management and response
Security Operations Center (SOC) structure, competence and procedures
Incident management
Incident management and response

Security Operations Center (SOC) structure, competence and procedures

Start free trial

Task description

Security Operations Center (SOC) structure, competence and procedures

The organisation should establish and document a response structure with a designated person or teams for handling security vulnerabilities and threats. This includes defining and communicating roles, responsibilities, authority, and competence requirements. Documented procedures must be in place to guide the team's actions, including activation, operation, coordination, and communication, ensuring they can assess threats, activate responses, and manage incidents effectively.

Requirements connected to the task

No items found.

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Reporting of major incidents to competent authorities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
DORA
See all related requirements and other information from tasks own page.
Go to >
Reporting of major incidents to competent authorities
Communication in the event of an incident and preperations
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

13 a §: Häiriötilanteista tiedottaminen ja varautuminen häiriötilanteisiin
TiHL
2.8: Häiriötilanteista tiedottaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Communication in the event of an incident and preperations
Personnel guidelines for reporting security incidents
Critical
High
Normal
Low
Incident management and response
87
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9a §: Poikkeamien havainnointi
Kyberturvallisuuslaki
1.6.1: Reporting of security events
TISAX
1.3.2: Classification of information assets
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for reporting security incidents
Designation of an incident management team
Critical
High
Normal
Low
Incident management and response
71
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.1.1: Establish plans for incident management
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Designation of an incident management team
Treatment process and documentation of occurred security incidents
Critical
High
Normal
Low
Incident management and response
110
requirements

Examples of other requirements this task affects

Članak 30.1.b: Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanje
NIS2 Croatia
9.9b §: Poikkeamien käsittely
Kyberturvallisuuslaki
1.6.2: Management of reported events
TISAX
30 § 3.2° (incidents): La gestion des incidents
NIS2 Belgium
4.4.2: Review identified compromised security measures
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Treatment process and documentation of occurred security incidents
The step-by-step process of notification of incidents to the authorities
Critical
High
Normal
Low
Incident management and response
74
requirements

Examples of other requirements this task affects

Članak 37: Obavještavanje o značajnim incidentima
NIS2 Croatia
12 §: Poikkeamaa koskeva väliraportti
Kyberturvallisuuslaki
13 §: Poikkeamaa koskeva loppuraportti
Kyberturvallisuuslaki
11 §: Poikkeamailmoitukset viranomaiselle
Kyberturvallisuuslaki
35 § 1°: Processus de notification des incidents au CSIRT
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities
Management and use of information received from CSIRTs and competent authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Management and use of information received from CSIRTs and competent authorities
Policy for secure emergency communication systems
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Policy for secure emergency communication systems
Review and approval of the incident management plan (Lithuania)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Review and approval of the incident management plan (Lithuania)
Process for reporting minor cyber incidents (Lithuania)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for reporting minor cyber incidents (Lithuania)
Procedure for initial incident assessment
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Procedure for initial incident assessment
Security Operations Center (SOC) structure, competence and procedures
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Security Operations Center (SOC) structure, competence and procedures
Ensuring incident management capabilities and external support (Hungary)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Ensuring incident management capabilities and external support (Hungary)
Reporting of threats, near-cybersecurity incidents and cybersecurity incidents (Hungary)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Reporting of threats, near-cybersecurity incidents and cybersecurity incidents (Hungary)
Communication about potential security threats
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Communication about potential security threats
Process for reporting security-threatening incidents (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for reporting security-threatening incidents (Sweden)
Incident reporting for trusted service operators (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

6 §: Incidentanmälningar
NIS2 Sweden
See all related requirements and other information from tasks own page.
Go to >
Incident reporting for trusted service operators (Sweden)
Competence requirements for security monitoring personnel
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

C1.e: Personnel skills for monitoring and detection
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Competence requirements for security monitoring personnel
Advanced threat hunting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

C2: Threat hunting
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Advanced threat hunting
Vulnerability reporting to CERT.PT (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

38°: Prevenção e monitorização de vulnerabilidades
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Vulnerability reporting to CERT.PT (Portugal)
Annual security report (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

30°: Relatório anual
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Annual security report (Portugal)
Data handling for vulnerability reports (Portugal)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

38°: Prevenção e monitorização de vulnerabilidades
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Data handling for vulnerability reports (Portugal)
The step-by-step process of notification of incidents to the authorities (Portugal)
Critical
High
Normal
Low
Incident management and response
4
requirements

Examples of other requirements this task affects

44°: Relatórios final e intercalar
NIS2 Portugal
43°: Notificação do fim de impacto significativo
NIS2 Portugal
40°: Notificação obrigatória
NIS2 Portugal
42°: Notificação inicial
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Portugal)
Security reporting point of contact
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 20.4.e: Určenie kontaktnej osoby na prijímanie hlásení
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Security reporting point of contact
Incident reporting and early warning system alignment
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 20.4.f: Hlásenie incidentov a včasné varovanie
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Incident reporting and early warning system alignment
Retention of supplementary incident data (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 6: Informationsförfrågningar
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Retention of supplementary incident data (Sweden)
Process for handling supplementary information requests (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 6: Informationsförfrågningar
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Process for handling supplementary information requests (Sweden)
Initial incident notification process to the Swedish Civil Contingencies Agency (Sweden)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 3: Incidentrapporteringsprocess
MSBFS 2020:8
§ 4: Initial incidentnotifiering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Initial incident notification process to the Swedish Civil Contingencies Agency (Sweden)
The step-by-step process of notification of incidents to the authorities (Sweden)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 5: Slutgiltig incidentrapportering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Sweden)
Process for reporting significant incidents to the Provincial Government (Åland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 16: Rapporteringsskyldigheter för kritiska verksamhetsutövare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Process for reporting significant incidents to the Provincial Government (Åland)
The step-by-step process of notification of incidents to the authorities (Åland)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 21.1-2: Anmälan av betydande incidenter
NIS2 Åland
§ 21: Anmälan av incidenter till provinsiella myndigheter och tjänstemottagare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Åland)
Ensuring communication availability during security events
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 74: Opretholdelse af kommunikation under hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Ensuring communication availability during security events
Functional testing of technical equipment
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 22: Funktionstests af teknisk udstyr
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Functional testing of technical equipment
Continuous incident response capability
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 72: Håndtering af sikkerhedshændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Continuous incident response capability
Notification of users for significant incidents
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 75: Underretninger om hændelser til modtagere af tjenester
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Notification of users for significant incidents
The step-by-step process of notification of incidents to the authorities (Denmark-energy)
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 79: Forpligtelser ved rapportering af hændelserIndberetningsløsninger
Energisektor beredskabsbekendtgørelse
§ 78: Rapporteringsprocessen for væsentlige hændelser
Energisektor beredskabsbekendtgørelse
§ 77: Rapportering af væsentlige hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Denmark-energy)
Guideline for reporting security incidents to authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 80: Anmeldelse til politiet og Forsvaret
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Guideline for reporting security incidents to authorities
Five-year plan and evaluation for cyber security exercises
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 20: Femårige øvelsesplan
Energisektor beredskabsbekendtgørelse
§ 23: Øvelsesevalueringen
Energisektor beredskabsbekendtgørelse
§ 21: Beredskabsøvelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Five-year plan and evaluation for cyber security exercises
Compliance procedure for external incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

5.43: HLT – Externe rapportage van incidenten
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Compliance procedure for external incident reporting
Process for disclosure of cybersecurity information
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 26: Cybersecurity authentication, detection and risk evaluation
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Process for disclosure of cybersecurity information
Handling network information security complaints and reports
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 49: Complaint and reporting systems for network information security
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Handling network information security complaints and reports
Confidentiality of security incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 14: Right to report behaviors that endanger cybersecurity
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Confidentiality of security incident reporting
Management of prohibited content and secure information services
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 47: Strengthening the management of information published by network users
CSL (China)
Article 48: Security administration duties for electronic information distribution and application download service providers
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Management of prohibited content and secure information services
Voluntary sharing of risk assessment results and technologies with CSIRTs (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

13: Informacje przekazywane do CSIRT
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Voluntary sharing of risk assessment results and technologies with CSIRTs (Poland)
Early warning notification details for major incidents (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

12: Wczesne ostrzeżenie
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Early warning notification details for major incidents (Poland)
Handling sensitive information and support requests in incident reporting (Poland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

12: Wczesne ostrzeżenie
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Handling sensitive information and support requests in incident reporting (Poland)
Responding to mandatory reactive cybersecurity measures
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Responding to mandatory reactive cybersecurity measures
Regular asset scope review and justification of exclusions (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Regular asset scope review and justification of exclusions (Czech Republic)
The step-by-step process of notification of incidents to the authorities (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Czech Republic)
Incident reporting channels and procedures (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Incident reporting channels and procedures (Czech Republic)
Defining threshold for cyber security breach (Czech Republic)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for cyber security breach (Czech Republic)
System isolation procedures
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
System isolation procedures
Upper obligations regime incident notification procedure (Czech Republic)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Upper obligations regime incident notification procedure (Czech Republic)
Notification of exploited vulnerabilities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 14.1-2: Reporting obligations of manufacturers
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of exploited vulnerabilities
Incident management and response capability
Critical
High
Normal
Low
Incident management and response
13
requirements

Examples of other requirements this task affects

Article 25: Security attestation of free and open-source software
CRA
§ 7: Krav om sikkerhet for tilbydere av samfunnsviktige tjenester
NIS2 NO
§ 19.6.a: Povinnosť riešiť incidenty
NIS2 Slovakia
§ 20.4.d: Riešenie kybernetických bezpečnostných incidentov
NIS2 Slovakia
§ 68: Reagering på uregelmæssigheder i realtid
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Incident management and response capability
Notification of an incident affecting the products
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Article 14.3-4: Incident notification
CRA
See all related requirements and other information from tasks own page.
Go to >
Notification of an incident affecting the products
Communication of the incident response plan to stakeholders
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

13.1.a: Preventing incidents
CER
§ 14.1: Förebyggande av incidenter
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Communication of the incident response plan to stakeholders
Testing business continuity plans with severe scenarios
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Testing business continuity plans with severe scenarios
Anomaly criteria for triggering incident response
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

C1.c: Generating alerts
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Anomaly criteria for triggering incident response
Prioritization of security alerts
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

C1.d: Alert contextualisation
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Prioritization of security alerts
Documentation and notifications of PHI breaches
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation and notifications of PHI breaches
Burden of Proof for breach notifications
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Burden of Proof for breach notifications
Process for immediate notification to the Information and Communication Center (Belgium)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 14.1: Notification de services déterminés
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Process for immediate notification to the Information and Communication Center (Belgium)
Handling vulnerability reports from national CSIRTs
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

30: Înființarea și autorizarea CSIRT-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Handling vulnerability reports from national CSIRTs
Ensure CSIRT compliance with national operational and security requirements (Romania)
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

31: Obligațiile și autorizarea csirt-urilor
NIS2 Romania
32: Cerințele operaționale, de securitate și de cooperare pentru csirt-uri
NIS2 Romania
33: Responsabilitățile și serviciile csirt-urilor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure CSIRT compliance with national operational and security requirements (Romania)
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

15.2: Modalitatea de raportare
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Ensure reporting of cybersecurity incidents through PNRISC (Romania)
The step-by-step process of notification of incidents to the authorities (Cyprus)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

35B.(1): Κοινοποιήσεις περιστατικών στην Αρχή και στους αποδέκτες των υπηρεσιών
NIS2 Cyprus
35B.(4): Αναφορά ενός περιστατικού στις αρχές
NIS2 Cyprus
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the authorities (Cyprus)
Guidelines for information exchange with authorities
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 11: Übermittlung und Nutzung der Informationen
CSV
9: Współpraca z podmiotami Krajowego Systemu Cyberbezpieczeństwa
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Guidelines for information exchange with authorities
Process for supplementary incident reporting
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 16: Frist zur Erfassung der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for supplementary incident reporting
Procedure for reporting cyberattacks
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 15: Inhalt der Meldung
CSV
Article 14: Right to report behaviors that endanger cybersecurity
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Procedure for reporting cyberattacks
Guidelines for identifying reportable cyberattacks (Switzerland)
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Art. 14: Zu meldende Cyberangriffe
CSV
Art. 15: Inhalt der Meldung
CSV
See all related requirements and other information from tasks own page.
Go to >
Guidelines for identifying reportable cyberattacks (Switzerland)
Process for information exchange with BACS (Switzerland)
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Art. 8: Sichere und automatisierte Informationsaustauschsysteme
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for information exchange with BACS (Switzerland)
The step-by-step process of notification of incidents to the national security authority
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

§ 4-5.1: Varslingsplikt
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
The step-by-step process of notification of incidents to the national security authority
Process for Monitoring Protective Security and Reporting Incidents
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

§ 2.1: Skyldigheter för den som bedriver säkerhetskänslig verksamhet
SSL
See all related requirements and other information from tasks own page.
Go to >
Process for Monitoring Protective Security and Reporting Incidents
Procedure for emergency notifications to authorities
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

13.3: Underretningspligt i beredskabssituationer
NIS2 Denmark
See all related requirements and other information from tasks own page.
Go to >
Procedure for emergency notifications to authorities
Define and document internal notification triggers
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
§ 13.1: Beredskapsplanlegging for hendelser
NIS2 NO
Article 25: Contingency plans for cybersecurity incidents
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Define and document internal notification triggers
Notifying the public of a significant incident
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

Članak 41: Obavještavanje javnosti o značajnom incidentu
NIS2 Croatia
Article 17.2: Informing the public
CRA
See all related requirements and other information from tasks own page.
Go to >
Notifying the public of a significant incident
Submitting a monthly progress report
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

Art. 25.5: Notifiche di incidenti
NIS2 Italy
§ 5: Slutgiltig incidentrapportering
MSBFS 2020:8
See all related requirements and other information from tasks own page.
Go to >
Submitting a monthly progress report
Conducting incident response exercises
Critical
High
Normal
Low
Incident management and response
6
requirements

Examples of other requirements this task affects

17.7: Conduct Routine Incident Response Exercises
CIS 18
§ 13.3: Beredskapsplanlegging og øvelser
NIS2 NO
D1.c: Testing response plans
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Conducting incident response exercises
Establishing and maintaining an incident response process
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

17.4: Establish and Maintain an Incident Response Process
CIS 18
11.4: Abordare cuprinzătoare a securității cibernetice
NIS2 Romania
Article 49: Complaint and reporting systems for network information security
CSL (China)
D1.a: Response plan
CAF 4.0
§ 19.3: Væsentlige procedurer for håndtering af hændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining an incident response process
Designating incident management key personnel
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

17.1: Designate Personnel to Manage Incident Handling
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Designating incident management key personnel
User notification procedure for significant service disruptions
Critical
High
Normal
Low
Incident management and response
11
requirements

Examples of other requirements this task affects

34.(4): Incidentu un draudu paziņojumi pakalpojumu saņēmējiem
NIS2 Latvia
Art. 25.9: Notifiche di incidenti ai destinatari del servizio
NIS2 Italy
Art. 25.10: Notifiche di minacce ai destinatari dei servizi
NIS2 Italy
32.1: Ontvangers informeren over belangrijke incidenten
NIS2 Netherlands
32.2: Ontvangers informeren over cyberdreigingen
NIS2 Netherlands
See all related requirements and other information from tasks own page.
Go to >
User notification procedure for significant service disruptions
Submitting a progress report
Critical
High
Normal
Low
Incident management and response
4
requirements

Examples of other requirements this task affects

34.(6): Progresa ziņojums par incidentu
NIS2 Latvia
31.2: Voortgangsverslag
NIS2 Netherlands
8 §: Slutrapport
NIS2 Sweden
See all related requirements and other information from tasks own page.
Go to >
Submitting a progress report
Defining threshold for incident recovery measures
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

RS.MA-05: Incident recovery criteria
NIST 2.0
13.1.d: Recovering from incidents
CER
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
D1.b: Response and recovery capability
CAF 4.0
§ 14.4: Återhämta sig från incidenter
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Defining threshold for incident recovery measures
Public communication on incident recovery measures
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

RC.CO-04: Public updates on incident recovery are shared
NIST 2.0
Article 55: Activation of contingency plans for cybersecurity incidents
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Public communication on incident recovery measures
Incident response documentation and integrity
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

RS.AN-06: Records of investigation of incident
NIST 2.0
§ 16: Rapporteringsskyldigheter för kritiska verksamhetsutövare
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Incident response documentation and integrity
Including suppliers in incident management
Critical
High
Normal
Low
Incident management and response
11
requirements

Examples of other requirements this task affects

GV.SC-08: Including relevant suppliers and third parties in incident activities
NIST 2.0
ID.IM-02: Improvements from security tests and exercises
NIST 2.0
13.1.c: Responding to incidents
CER
§ 8: Rapporteringskrav för leverantörer
MSBFS 2020:8
§ 14.3: Incidenthantering och respons
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Including suppliers in incident management
Creating and maintaining incident response plans
Critical
High
Normal
Low
Incident management and response
28
requirements

Examples of other requirements this task affects

4.1.1: Establish plans for incident management
NSM ICT-SP
ID.IM-04: Incident response and cybersecurity plans
NIST 2.0
PR.IR-03: Meeting resilience requirements
NIST 2.0
RS.MA-01: Incident response plan execution
NIST 2.0
RC.RP-01: Recovery plan
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining incident response plans
Identifying the impact on business processes
Critical
High
Normal
Low
Incident management and response
7
requirements

Examples of other requirements this task affects

4.3.1: Identify extent and impact on business processes
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identifying the impact on business processes
Enriching incident information to ensure an effective response
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
38: Kiberuzbrukumu attiecināšana
NIS2 Latvia
§ 69: Logplanlægning og overvågning til hændelsesrespons
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Enriching incident information to ensure an effective response
Documenting incident activities by establishing a response timeline
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

4.3.3: Log all activities, results and relevant decisions
NSM ICT-SP
§ 19.6.d: Forenzná ochrana údajov
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Documenting incident activities by establishing a response timeline
Developing and executing a recovery plan
Critical
High
Normal
Low
Incident management and response
12
requirements

Examples of other requirements this task affects

4.3.4: Launch recovery plan during or after the incident
NSM ICT-SP
Article 39: Components of the ICT business continuity plan
DORA simplified RMF
13.1.d: Recovering from incidents
CER
§ 13.2: Hendelseshåndtering og -respons
NIS2 NO
§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Developing and executing a recovery plan
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

4.3.6: Perform necessary activities after the incident
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Communicating with relevant parties after an incident, including CERTs and NSM NCSC
Ensuring the safe failure of the critical systems in a network loss
Critical
High
Normal
Low
Incident management and response
3
requirements

Examples of other requirements this task affects

PR.AC-5: Network integrity (network segregation, network segmentation… ) is protected.
CyberFundamentals
§ 10.e: Systemrobusthet og tilgjengelighet
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Ensuring the safe failure of the critical systems in a network loss
Defining security events and incidents
Critical
High
Normal
Low
Incident management and response
21
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
DE.AE-08: Incidents declaration criteria
NIST 2.0
17.9: Establish and Maintain Security Incident Thresholds
CIS 18
Article 31: ICT risk management
DORA simplified RMF
5.43: HLT – Externe rapportage van incidenten
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Defining security events and incidents
Internal communication in an incident situation
Critical
High
Normal
Low
Incident management and response
16
requirements

Examples of other requirements this task affects

1.6.1: Reporting of security events
TISAX
DE.AE-06: Information on adverse events
NIST 2.0
RS.CO-02: Notifying stakeholders of incidents
NIST 2.0
RS.CO-03: Sharing Information with stakeholders
NIST 2.0
17.2: Establish and Maintain Contact Information for Reporting Security Incidents
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Internal communication in an incident situation
Process for categorization of security incidents
Critical
High
Normal
Low
Incident management and response
5
requirements

Examples of other requirements this task affects

1.6.2: Management of reported events
TISAX
RS.MA-04: Incidents escalation and elevating
NIST 2.0
C1.c: Generating alerts
CAF 4.0
§ 20.4.d: Riešenie kybernetických bezpečnostných incidentov
NIS2 Slovakia
§ 72: Håndtering af sikkerhedshændelser
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Process for categorization of security incidents
Classification of incidents
Critical
High
Normal
Low
Incident management and response
8
requirements

Examples of other requirements this task affects

Article 18: Classification of ICT-related incidents and cyber threats
DORA
4.2.1: Review log data and collect relevant data on the incident to create a good basis for making decisions
NSM ICT-SP
4.2.2: Determine the severity level of the incident
NSM ICT-SP
RS.MA-03: Incident classification
NIST 2.0
RS.AN-08: Incident’s magnitude
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Classification of incidents
Sufficient resourcing of ICT-environment monitoring
Critical
High
Normal
Low
Incident management and response
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
Sufficient resourcing of ICT-environment monitoring
Consideration of classified information in the incident management
Critical
High
Normal
Low
Incident management and response
2
requirements

Examples of other requirements this task affects

T-06: MALFUNCTIONS AND EXCEPTIONAL SITUATIONS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Consideration of classified information in the incident management

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templatesTrust center
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessmentsInternal audits
Resources
AcademyWebinarsBlogHelp articlesVideo coursesTrust centerContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security
No items found.