The basics
ISO 27001 control A.5.24 Information security incident management planning and preparation requires companies to manage information security incidents in order to quickly detect and react to them and recover normal operating conditions as soon as possible.
Documentation
ISO 27001 control A.5.24 Information security incident management planning and preparation can be documented by writing an Incident Management Procedure.
This procedure is not a mandatory document but is recommended for all companies.
Implementation
In order to comply with control A.5.24 Information security incident management planning and preparation you might implement the following:
- Technology — the technology to handle information security incident management could include software, hardware, or networks. Smaller companies will probably be able to manage incidents using office and messaging applications (e.g., reports written in MS Word, Apple Pages, or Google Docs, and communications using Skype, Teams, or Google Chat), whereas larger companies probably need some software that centralizes incident management from start to end.
- Organization/processes — you should set up a process for planning how to detect and react to incidents, and how to identify and provide the necessary resources for a proper response. You can document those processes in an Incident Management Procedure.
- People — make employees aware of why being prepared for incidents is needed, and train them on how to plan for handling incidents.
Audit evidence
During the certification audit, the auditor might look for the following evidence regarding control A.5.24 Information security incident management planning and preparation: whether the company is prepared for information security incidents and whether incidents are managed.
These are the things the auditor will be looking for; if they are not found, this is considered a nonconformity.