The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.
The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.
If recurrent incidents requiring response are identified, based on them:
The organization has defined procedures to ensure that the original reporter and other personnel involved in the incident are informed of the outcome of the incident management.
Linked personnel can be documented on an optional field on the incident documentation template.