Expert Advice Community

Do we need an incident management procedure?

mbeau0999 Created:   Aug 04, 2022 Last commented:   Aug 10, 2022

Our company has a good incident response plan in place; however, it's a requirement of ISO 27001 that we also have an incident management procedure? Do we need this in addition?

Expert
Rhand Leal Aug 10, 2022

ISO 27001 does not require an incident management procedure to be documented, so you only need to document one in case you have a legal requirement (e.g., law, regulation, or contract) demanding such a procedure to be documented.

Only response plans require documentation, in case control A.16.1.5 (Response to information security incidents) is stated as applicable in the Statement of Applicability.
