This article provides an overview of incident management for security as part of ISO 27002 compliance.

The objective of reporting information security events and weaknesses is to ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.

Reporting Information Security Events and Weaknesses:

  1. Responsibilities and procedures – management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.
  2. Reporting information security events – information security events should be reported through appropriate management channels as quickly as possible.
  3. Reporting information security weaknesses – employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services.
  4. Assessment of and decision on information security events – information security events should be assessed and it should be decided if they are to be classified as information security incidents.
  5. Response to information security incidents – information security incidents should be responded to in accordance with the documented procedures.
  6. Learning from information security incidents – knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.
  7. Collection of evidence – the organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.

For more information please contact Morland-Austin at