When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this during internal audits to verify that incident management planning and preparation are defined, communicated, and ready to operate.
Checklist
- Incident management process exists.
- Incident roles and responsibilities are defined.
- Reporting channels are communicated.
- Event and weakness reporting is covered.
- Triage and classification criteria are defined.
- Escalation criteria are defined.
- Investigation and recovery processes are defined.
- Communication responsibilities are defined.
- Evidence preservation expectations are defined.
- Incident exercises or tabletop tests are performed.
- Incident register exists.
- Lessons learned are captured.
- Corrective actions are tracked.
- Supplier/cloud incidents are integrated where relevant.
Related notes
- Iso27001
- ISO27002
- Template
- Audit
- A5 24
Note Metadata
Aliases: A.5.24 Checklist
Source: 90 Templates/A.5.24 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- ISO 27001 A.5.24 - Information Security Incident Management Planning and Preparation
- A.5.24 Audit Evidence Pack
- Audit Evidence MOC
- AQ-ISO27001-A.5.24 Information Security Incident Management Planning and Preparation
- Incident Management Plan
- Incident Roles and Communications Matrix
- Audit Evidence Index
- Templates MOC