Handling accidents
Please advise me, which part speak about how to handle when accident happened, accident management, how to lead workers, outsource company, fireman’s etc?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
According to ISO 27001, the following controls are related to incident management:
- A.5.7 Threat intelligence
- A.5.24 Information security incident management planning and preparation
- A.5.25 Assessment and decision on information security events
- A.5.26 Response to information security incidents
- A.5.27 Learning from information security incidents
- A.5.28 Collection of evidence
- A.6.8 Information security event reporting
Please note that ISO 27001 does not prescribe details on how to manage incidents, only objectives that need to be achieved. For detailed guidance, you should look for ISO 27002, a non-mandatory supporting standard that provides explanations on the implementation of ISO 27001 Annex A controls.
To see how a document describing incident handling compliant with ISO 27001 looks like, please take a look at this demo: https://advisera.com/27001academy/documentation/incident-management-procedure/
For further information, see:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
Please note that, even though this article is about old 2013 revision of ISO 27001, the principles in the article are still valid.
Comment as guest or Sign in
Jun 08, 2023