ISO 27001 Annex: A.16 Information Security Incident Management

This article discusses the Management of Information Security Incidents and Improvements and the responsibilities and procedures associated with them.

A.16.1 Management of Information Security Incidents and Improvements

Information security incident management provides a strategy that ensures effective communication about security incidents and weaknesses.

A.16.1.1 Responsibilities and Procedures

To facilitate a fast, organized, and effective response to information security incidents, management roles and procedures need to be established, as required by ISO 27001 Annex: A.16 Information Security Incident Management.

Implementation Guidance

When managing information security incidents, managers should consider the following recommendations:

A. The following management roles should be established within the organization to ensure proper development and coordination of procedures:

– Planning and preparing procedures for responding to incidents;
– Monitoring, identifying, analyzing and reporting procedures for security incidents and events;
– Management of incident logging procedures;
– Procedures for managing forensic evidence;
– Evaluation and decision-making processes for information security events, as well as assessments of information security weaknesses;
– Response procedures, including escalation mechanisms, recovery from incidents and contacting affected individuals or organizations.

B. The governing procedures should ensure the following:

– The organization has competent staff who handle information security issues;
– An individual is designated to detect information security incidents and report them;
– A proper relationship is maintained with authorities, partners, or groups responsible for security issues.

C. Reporting procedures include:

– Preparing reporting forms for information security events to make reporting easier and to help the reporter keep track of every step that needs to be taken;
– The steps to be taken in the event of a security breach, for example recording all violations and non-compliances and any on-screen notifications immediately, and contacting the designated point of contact without delay;
– Reference to the disciplinary process applied to employees who commit security breaches;
– Appropriate feedback processes, so that those who report information security events are informed of the outcome once the event has been resolved and closed.

Management objectives for information security incident handling should be established, so that those in charge of managing incidents understand the organization's priorities when handling them.

Other Information

Information security incidents may cross organizational and national boundaries. Responding to such incidents requires coordinating the response with external organizations and sharing relevant information with them.

Related Questions

1. Can you give an example of a security incident?
2. What does an incident management policy entail?
3. How do I obtain ISO 27001 certification?
4. Which standard should you consult when managing incident response?
5. What controls are contained in ISO 27001 Annex: A.16 Information Security Incident Management?
