1. Overview
SIM-01 Policy for Security Incident Management
| Designation | Standard |
| SIM-01.01B | Policies, procedures and technical safeguards are documented, communicated and provided in accordance with SP-01 to ensure a fast, effective and proper response to all known security incidents. The cloud service provider defines guidelines for the classification, prioritisation, escalation and root cause analysis of security incidents and creates interfaces to the incident management and business continuity management. |
| SIM-01.02B | The cloud service provider has set up a 'Computer Security Incident Response Team' (CSIRT), which contributes to the coordinated resolution of occurring security incidents. |
| SIM-01.03B | Communication channels with the cloud service customers are identified and defined and customers affected by security incidents are informed in a timely and appropriate manner. |
| SIM-01.04B | There are procedures as to how the data of a suspicious system can be collected in a conclusive manner in the event of a security incident. |
| SIM-01 Supplementary Information - Complementary Customer Criteria | Cloud service customers ensure with suitable controls that they receive notifications from the cloud service provider about security incidents that affect them and that these notifications are forwarded in a timely manner to the responsible departments for handling so that an appropriate response can be triggered. |
1.1 References
1.2 Identified Requirements
1.2 Related Regulation
2. Identified Requirements
Requirements
| Source | Requirement |
3. Related Regulations
Regulations
| Source | Regulation |