Checklist of ISO/IEC 27001-A.16.1.2 Reporting information security events


Prompt and effective reporting of information security events is crucial for organizations to mitigate the potential impact of incidents, near-misses, and weaknesses. A comprehensive reporting system is necessary for organizations to identify and respond to potential threats quickly. This article provides a checklist for organizations to assess their reporting systems and processes, including worker awareness and adherence to policies, procedures, and guidelines.

Sample Checklist:

Reporting Systems and Processes

  • Identify the methods used for reporting information security events, including phone calls, emails, SMS texts, incident reporting apps or forms on the intranet, or in-person reports to information security/line managers.
  • Evaluate whether the reporting system is comprehensive and includes all necessary channels for prompt reporting.
  • Review the system for identifying workers who need to be informed of reported incidents, and the process for escalating incidents to the appropriate teams for resolution.
  • Determine how the organization verifies the validity of reported incidents.
  • Evaluate whether the reporting system is regularly tested and updated to ensure its effectiveness.

Worker Awareness and Adherence to Policies, Procedures, and Guidelines

  • Assess worker awareness of the need to report information security events promptly.
  • Evaluate whether workers routinely report incidents, near-misses, and weaknesses, and identify any metrics that can be used to measure this.
  • Assess adherence to policies, procedures, and guidelines for reporting information security events.
  • Determine whether workers receive training on the reporting system, policies, procedures, and guidelines.
  • Identify any obstacles that may prevent workers from reporting information security events promptly.

Incident Reporting Workflow

  • Trace the information and workflow using relevant records and archived incidents, comparing what actually happened against policies, procedures, and guidelines.
  • Evaluate whether the reported incidents were handled appropriately and efficiently.
  • Assess the quality of communication between teams and workers involved in incident reporting.
  • Speak with people who have recently reported incidents to explore the experience and outcome from their perspectives.
  • Identify any gaps or issues in the incident reporting workflow that may require improvement.
See also  Checklist of ISO/IEC 27001-A.7.1.2 Terms and conditions of employment


Effective reporting systems and processes for information security events are critical for organizations to respond promptly and mitigate potential risks. 

By using the checklists provided in this article, organizations can assess their reporting systems and processes, evaluate worker awareness and adherence to policies, procedures, and guidelines, and identify gaps or issues in their incident reporting workflow. 

Regular review and improvement of incident reporting systems and processes are essential to ensure that they remain effective and efficient in responding to the changing threat landscape.

Leave a comment

Your email address will not be published. Required fields are marked *