When to use this
Use this checklist to define and test how monitoring alerts are handled outside normal business hours.
Related controls
- A.8.16 Monitoring Activities
- A.5.24 Information Security Incident Management Planning and Preparation
- A.5.25 Assessment and Decision on Information Security Events
- A.5.26 Response to Information Security Incidents
Escalation checklist
- Out-of-hours monitoring responsibility is assigned.
- On-call or escalation contacts are current.
- Severity criteria define when contact is required.
- Contact methods are documented and tested.
- Operational staff can verify or investigate alerts.
- Security staff know when to preserve evidence.
- Incident manager escalation is defined.
- Failed contact path has a backup route.
- Test records are retained.
Escalation test record
| Test date | Alert scenario | Primary contact reached? | Backup used? | Response time | Issue found | Corrective action |
|---|---|---|---|---|---|---|
| TBD | TBD | Yes/No | Yes/No | TBD | TBD | TBD |
- Template
- Iso27001
- Technological controls
- Monitoring
- Incident response
Note Metadata
Aliases: After-Hours Monitoring Escalation Checklist
Source: 90 Templates/Out-of-Hours Monitoring Escalation Checklist.md
Related Notes
- ISO 27001 A.5.24 - Information Security Incident Management Planning and Preparation
- ISO 27001 A.5.25 - Assessment and Decision on Information Security Events
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.8.16 Audit Evidence Pack
- ISO 27001 A.8.16 - Monitoring Activities
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.16 Audit Checklist
- Templates MOC