ISO 27001 Annex A Control 5.26

ISO 27001 control 5.26 Response to information security incidents

The basics

ISO 27001 control A.5.26 Response to information security incidents requires companies to document how to respond to information security incidents, so that normal security levels can be restored more quickly.

Documentation

ISO 27001 control A.5.26 Response to information security incidents can be documented:

  • for smaller and mid-size companies – through an Incident Management Procedure
  • for larger companies – through separate response procedures for different types of incidents.

This control must be documented.

Implementation

In order to comply with control A.5.26 Response to information security incidents you might implement the following:

  • Technology — the technology needed to respond to information security incidents could include software, hardware, or networks. Companies of all sizes need to plan their response to information security incidents based on risk assessment, so that their IT systems are prepared for the most probable and most damaging incidents, and so that the required speed of response is known.
  • Organization/processes — you should set up a process for planning and maintaining the technology needed for incident response, as well as for testing your incident response plans. You can document those processes through an Incident Management Procedure.
  • People — make employees aware of why a fast response to incidents is needed, and train them on how to respond to identified incidents.

Audit evidence

During the certification audit, the auditor might look for the following evidence regarding control A.5.26 Response to information security incidents: whether the way to respond to information security incidents is documented.