Privacy information incident management deals with security events that have been escalated to incidents – in terms of identifying them, resolving them, providing evidence and effecting change via a root cause analysis.
Privacy incidents have the potential to drastically affect an organisation's reputation and financial standing. As such, it is vitally important to operate with a robust set of incident management procedures that are easily communicable and well understood by all concerned.
ISO 27701 clause 6.13 contains 7 sub-clauses that deal with the management of information security incidents and improvements, with each control containing guidance points from ISO 27002, albeit within a privacy protection context:
Incident management is a wide and varied topic; as such, several sub-clauses contain further guidance from associated controls within ISO 27002.
Just one sub-clause (ISO 27701 6.13.1.1) contains information that is relevant to areas of UK GDPR legislation – we’ve provided the article numbers underneath the guidance points, for your convenience.
In order to create a cohesive, highly functioning incident management policy that safeguards the availability and integrity of privacy information during critical incidents, organisations should:
Staff involved in privacy information security incidents should understand:
When dealing with privacy information security events, staff should:
Reporting activities should be centred around 4 key areas:
Organisations need to ensure that privacy information events are reported in a timely and efficient manner.
Staff need to be provided with quick and easy ways to report privacy information events, and need to be fully aware of what constitutes a breach.
Privacy information events can include:
See ISO 27701 Clause 6.13.1.2
Organisations should adopt a qualitative approach to privacy information security incident management that includes 4 key points:
Organisations should ensure that privacy information security incidents are dealt with by a dedicated technical team with the skills and resources to effect a prompt resolution (see ISO 27002 Control 5.24).
Organisations should:
Organisations should create incident management procedures that deal with three main elements of privacy information security incidents:
Privacy information security incidents should benefit from procedures that:
Organisations should collect evidence surrounding incident activity with the express purpose of fulfilling their legal, regulatory, contractual and disciplinary obligations.
Evidence collection efforts should ensure that multiple regulatory and law-making bodies are able to scrutinise incident activity using (but not limited to):
Organisations shouldn't make any assumptions about what evidence they need to collect – especially where privacy information is concerned – and should involve legal authorities at the earliest opportunity if in any doubt about what needs to occur.
When providing evidence to external bodies, organisations should demonstrate that:
ISO 27701 Clause Identifier | ISO 27701 Clause Name | ISO 27002 Control | Associated GDPR Articles |
---|---|---|---|
6.13.1.1 | Responsibilities and Procedures | 5.24 – Information Security Incident Management Planning and Preparation for ISO 27002 | Articles (5), (33), (34) |
6.13.1.2 | Reporting Information Security Events | 6.8 – Information Security Event Reporting for ISO 27002 | None |
6.13.1.3 | Reporting Information Security Weaknesses | 6.8 – Information Security Event Reporting for ISO 27002 | None |
6.13.1.4 | Assessment of and Decisions on Information Security Events | 5.25 – Assessment and Decision on Information Security Events for ISO 27002 | None |
6.13.1.5 | Response to Information Security Incidents | 5.26 – Response to Information Security Incidents | Articles (33), (34) |
6.13.1.6 | Learning From Information Security Incidents | 5.27 – Learning From Information Security Incidents for ISO 27002 | None |
6.13.1.7 | Collection of Evidence | 5.28 – Collection of Evidence for ISO 27002 | None |
With ISMS.online, you can easily achieve ISO 27701 compliance by using a cloud-based information management solution.
In addition, our information security experts and resources are available to assist you with the ISO 27701 accreditation process.