Please advise if the Advisera template for A.16_Incident_Management_Procedure in ISO27001 toolkit is aligned with ISO27035:2016 which is a requirement for us as per regulatory/legal/license requirement.
The Incident Management Procedure template in the ISO27001 toolkit can be used to be compliant with ISO27035:2016.
Please note that as part of the ISO 27000 series, ISO 27035 adds specific orientation and guidance for implementation of incident management as required by controls from section A.16 of ISO 27001 Annex A.
This article will provide you with a further explanation about incident management according to ISO 27001:
Thank you for the feedback, which is much appreciated. Can you kindly elaborate on your feedback below or provide an updated template which addresses the same to ensure alignment of incident management to ISO27035: "ISO 27035 adds specific orientation and guidance for implementation of incident management"
While ISO 27001 only defines one objective for information security incident management, and seven controls that can be applied, it does not specify processes or activities to be performed. ISO 27035 defines detailed phases to be considered:
Plan and prepare
Detection and reporting
Assessment and decision
The incident management procedure template included in the ISO 27001 toolkit presents a simple way to cover these phases at a general level to fulfill ISO 27001 requirements (where details related to the specific organizational context are needed, they are identified by comments in the template).