ISO/IEC 27035:2011 Information Security Incident Management

ISO/IEC 27035:2011 provides best practice guidance for information security incident detection, reporting and management.

The ISO standard aims to help organisations reduce the impact of IT security threats by implementing the defined incident management approach.

Although incident management is addressed within ISO/IEC 27001, the Information Security Management System standard, ISO/IEC 27035:2011 supports and expands on that guidance.

ISO describe the standard as a solution to “help businesses respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach.”

Many organisations are vulnerable to security incidents and to the increased resources needed to recover the business. Incidents could also result in a criminal investigation and/or an ICO fine, which could be prevented using the methods contained within this standard.

For advice on Incident Management contact Assent on 020 3432 2854


Robert Clements