Codes & Standards - Purchase
This document is not concerned with non-ICT incident response operations such as loss of paper-based documents.
This document is based on the Detection and reporting phase, the Assessment and decision phase and the Responses phase of the Information security incident management phases model presented in ISO/IEC 27035-1:2016.
The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the provisions given in this document according to their type, size and nature of business in relation to the information security risk situation.
This document is also applicable to external organizations providing information security incident management services.