When to use this
Use this register to document approved event reporting channels, contact points, responsibilities, and availability.
Related controls
- A.6.8 Information Security Event Reporting
- A.5.24 Information Security Incident Management Planning and Preparation
Register
| Channel | Use case | Contact point | Availability | Owner | Escalation route | Last tested |
|---|---|---|---|---|---|---|
| Service desk | Normal event reporting | TBD | TBD | TBD | Security team | TBD |
| Security mailbox | Suspected phishing/security weakness | TBD | TBD | TBD | Incident manager | TBD |
| Emergency phone | High urgency incident | TBD | TBD | TBD | Crisis/incident lead | TBD |
Awareness check
- Channels are included in onboarding.
- Channels are included in awareness training.
- Channels are easy to find.
- Channels are tested periodically.
- Backup route exists if primary channel is unavailable.
- Template
- Iso27001
- Event reporting
- Incident management
Note Metadata
Aliases: Security Event Reporting Channels
Source: 90 Templates/Information Security Event Reporting Channel Register.md
Related Notes
- ISO 27001 A.5.24 - Information Security Incident Management Planning and Preparation
- ISO 27001 A.6.8 - Information Security Event Reporting
- A.6 People Controls MOC
- A.6.8 Audit Evidence Pack
- A.6 People Controls Implementation Guide
- A.6 People Controls Audit Guide
- A.6 People Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.6.8 Audit Checklist
- Templates MOC