LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Incident Management

  Quote
Guest
Atul Kamat Created:   Jul 26, 2021 Last commented:   Jul 28, 2021

Incident Management

Please advise if the Advisera template for A.16_Incident_Management_Procedure in ISO27001 toolkit is aligned with ISO27035:2016 which is a requirement for us as per regulatory/legal/license requirement.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 27, 2021

The Incident Management Procedure template in the ISO27001 toolkit can be used to be compliant with ISO27035:2016.

Please note that as part of the ISO 27000 series, ISO 27035 adds specific orientation and guidance for implementation of incident management as required by controls from section A.16, of ISO 27001 Annex A.

This article will provide you a further explanation about incident management according to ISO 27001:

Quote
0 0
Guest
Atul Kamat Jul 27, 2021

Thank you for the feedback which is much appreciated ....can you kindly elaborate on your feedback below or provide an updated template which addresses the same to ensure alignment of incident management to ISO27035 : " ISO 27035 adds specific orientation and guidance for implementation of incident management"

Quote
0 0
Expert
Rhand Leal Jul 28, 2021

While ISO 27001 only defines one objective for information security incident management, and seven controls that can be applied, it does not specify processes or activities to be performed. ISO 27035 defines detailed phases to be considered:

  • Plan and prepare
  • Detection and reporting
  • Assessment and decision
  • Responses
  • Lessons learned.

The incident management procedure template included in the Iso 27001 toolkit presents a simple way to cover these phases in a general level to fulfill Iso 27001 requirements (where details related to the specific organizational context are needed, they are identified by comments in the template).

In this link, you can find more information about this standard: https://www.iso.org/obp/ui/#iso:std:iso-iec:27035:-1:ed-1:v1:en

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 26, 2021

Jul 28, 2021