Processes for reporting information security events related to offered cloud services


When offering cloud services, the organisation needs to have planned processes or procedures for:

  • how the cloud service customer reports an information security event to the organisation
  • how the organisation reports information security events to cloud service customers
  • how the cloud service customer can track the status of a previously reported information security event

Connected other frameworks and requirements:

  • ID.RA-3: Threat identification (NIST CSF)
  • DE.DP-4: Event detection (NIST CSF)
  • RS.CO-3: Information sharing (NIST CSF)
  • RC.CO-1: Public relations (NIST CSF)
  • 16: Information security incident management (ISO 27017)

Communicating the results of cyber security incident analysis


The organization has defined procedures to ensure that the original reporter and other personnel involved in the incident are informed of the outcome of the incident management.

Linked personnel can be documented in an optional field of the incident documentation template.

Connected other frameworks and requirements:

  • 16.1.6: Learning from information security incidents (ISO 27001)
  • PR.IP-8: Protection effectiveness (NIST CSF)
  • DE.DP-4: Event detection (NIST CSF)
  • 5.27: Learning from information security incidents (ISO 27001)