ISO/IEC 27035
Information security incident management
Overview
Provides guidelines for information security incident management, including preparation, detection, assessment, response, and lessons learned. Covers the complete incident lifecycle from planning to post-incident activities.
Applicability
Cybersecurity incident detection, response, and recovery
Relevance to Network and Information Security Directive (NIS2)
Essential for NIS2 incident detection, reporting, and response obligations
Key Coverage Areas
- Incident management planning
- Detection and reporting
- Assessment and decision
- Responses
Standard Sections & Chapters
- Principles of incident management
- Guidelines to plan and prepare
- Guidelines for ICT incident response operations
Related Network and Information Security Directive (NIS2) Articles
Article 21: Cybersecurity risk-management measures
Incident management integration
Implementation Guidance:
Integrate incident management into risk management framework
Mapped Obligations:
- Set up incident handling procedures
Article 23: Reporting obligations
Incident detection, assessment, and reporting
Implementation Guidance:
Establish 24-hour early warning, incident assessment, and formal reporting procedures
Mapped Obligations:
- Report significant incidents to CSIRT or competent authority without undue delay
- Submit early warning within 24 hours of becoming aware of incident
- Submit incident notification within 72 hours with initial assessment
- Submit final report within one month after incident notification
- Notify recipients/customers of services about significant incidents that may affect them
- Cooperate with authorities on cross-border incident information sharing
Quick Information
- Organization: ISO/IEC
- Category: Incident Management
- Certification: Not available