Incident management resourcing and monitoring


Management shall define responsibilities and establish procedures to ensure an effective and consistent response to security incidents.

Management must ensure e.g.:

  • interference management has clear responsibilities
  • there is a documented process for responding, handling and reporting incidents

The process must ensure e.g.:

  • staff have a clear contact point / tool and instructions for reporting incidents
  • the reported security breaches will be addressed by qualified personnel in a sufficiently comprehensive manner
Connected other frameworks and requirements:
24. Responsibility of the controller
7.2.1: Management responsibilities
ISO 27001
16.1.1: Responsibilities and procedures
ISO 27001
5.24: Information security incident management planning and preparation
ISO 27001
No items found.