
Press Ctrl A on the keyboard to select all text in the document (or use Select, Select

Implementation guidance

The header page and this section, up to and including Disclaimer, must be removed from the final version of the document. For more details on replacing the logo, yellow highlighted text and certain generic terms, see the Completion Instructions document.

Purpose of this document

The incident response procedure sets out in detail how the organization will initially react to an information security incident and manage it going forward. It is intended to be used at the point at which an incident has occurred.

Areas of the standard addressed

This document addresses the following sections of the ISO/IEC 27001 standard:

• A.16 Information security incident management
  o A.16.1 Management of information security incidents and improvements
    ▪ A.16.1.1 Responsibilities and procedure
    ▪ A.16.1.5 Response to information security incidents
    ▪ A.16.1.6 Learning from information security incidents
    ▪ A.16.1.7 Collection of evidence

This document addresses the following sections of the ISO/IEC 27018 standard:

• ISO/IEC 27018 Extended Control Set
  o A.9 Accountability
    ▪ A.9.1 Notification of a data breach involving PII

General guidance

You will need to think carefully about who should be included in the incident response structure so that the right people are available in the event of an information security incident. The procedures contained in this document need to be clear and concise, as they may be used at times of great stress for the people involved. Establishing useful relationships in advance with third parties such as forensic investigators is a good idea.

Try to always have a Plan B for each aspect of the procedure, such as deputies for the people and access to critical documents and resources. Testing your plan regularly in different scenarios is also highly recommended.
