Checklist of ISO/IEC 27001-A.16.1.1 Responsibilities and procedures


Incidents related to information security can have a significant impact on an organization’s operations and reputation. 

To mitigate such risks, organizations must have effective incident management policies and procedures in place. 

This article provides a checklist for organizations to assess their incident management policies and procedures, and also review incident records to identify issues and improvement opportunities.

Sample Checklist:

Incident Management Policies and Procedures

  • Review incident response planning and preparations to ensure they are comprehensive and up-to-date.
  • Identify nominated point/s of contact for incident reporting, tracking and feedback (e.g. status updates).
  • Ensure that monitoring, detecting, and reporting of information security events is clearly defined.
  • Review the process for analyzing, evaluating, and assigning events to resolving agencies, incident response teams, etc.
  • Ensure that escalation paths, including emergency responses and business continuity invocation, are clearly defined.
  • Establish planned methods of collecting digital forensic evidence where needed.
  • Review the process for conducting periodic and/or post-event security review meetings and learning/improvement processes.

Incident Records Review

  • Gather a sample of incident records, including incident reporting, logging, triage, assignment to resolution agencies, mitigation, confirmation of closure, and learning points.
  • Analyze incident records to identify trends and patterns.
  • Evaluate the effectiveness of incident management policies and procedures based on incident records.
  • Identify any issues or improvement opportunities based on incident records.
  • Document any findings and recommendations for improvement.


Incident management policies and procedures are essential to ensure that organizations can respond effectively to information security incidents. 

By using the checklists provided in this article, organizations can assess their incident management policies and procedures, identify areas for improvement, and review incident records to identify trends and patterns.

See also  Checklist of ISO/IEC 27001-A.15.1.3 Information and communication technology supply chain

It is crucial to regularly review and update incident management policies and procedures to ensure that they remain effective in responding to the changing threat landscape. 

By taking these steps, organizations can minimize the potential impact of information security incidents and ensure that they can continue to operate effectively in the face of such risks.

Leave a comment

Your email address will not be published. Required fields are marked *