Incident management procedure - A.16.1.5 is a new control?
security expert said
Hi
In standard ISO 27001:2013 and in step 10 transmission steps document,
Incident management procedure (control A.16.1.5) is a new control which describes how to respond to different types of incidents, who is responsible for what, who must be informed, etc.
But in the ISO 27001 2005 revision, information security incident management:
reporting information security events and weaknesses (A.13.1 control)
management of information security incidents and improvements (A.13.2 control)
already exists.
What is the difference between control A.16.1.5 from the new revision and the A.13.1 & A.13.2 controls from the 2005 revision?
Please explain the difference between them.
Thanks
I basically agree with you: there is no big difference between the incident management controls in ISO 27001:2005 and ISO 27001:2013; the only difference is that control A.16.1.5 of the 2013 revision requires incident procedures to be documented, while the controls in the 2005 revision did not have such a requirement.
Jan 12, 2016