SoA - A.6.1.3 - Incident Response Plan
Assign topic to the user
Answer:
Incident response plan is a document needed only if you want to become compliant with ISO 22301, it is not needed for ISO 27001. Therefore, it is not part of ISO 27001 Toolkit (it is a part of ISO 27001 & ISO 22301 Premium Toolkit).
To become compliant with ISO 27001 control A.6.1.3 (Contact with authorities) it is enough to specify in your Statement of Applicability who in your company will be in contact with e.g. police, regulatory agencies, etc. - the standard does not require you to have an extra document for that purpose.
Comment as guest or Sign in
Aug 23, 2018