Incident management resourcing and monitoring

Management shall define responsibilities and establish procedures to ensure an effective and consistent response to security incidents.

Management must ensure, for example, that:

  • incident management has clear responsibilities
  • there is a documented process for responding to, handling and reporting incidents

The process must ensure, for example, that:

  • staff have a clear contact point / tool and instructions for reporting incidents
  • reported security breaches are addressed by qualified personnel in a sufficiently comprehensive manner

Other connected frameworks and requirements:

  • GDPR, 24. Responsibility of the controller
  • ISO 27001, 7.2.1: Management responsibilities
  • ISO 27001, 16.1.1: Responsibilities and procedures
  • ISO 27001, 5.24: Information security incident management planning and preparation