+SIM-02 Security Incident Response Plans
---+SIM-02.01B
---+SIM-02.02B

1. Übersicht

SIM-02 Security Incident Response Plans

SIM-02.01B

The cloud service provider has documented, approved and communicated one or more security incident response plans. The plans address all stages of incident response, including identification, containment, eradication, recovery, and lessons learned. They are approved by subject matter experts of the cloud service provider and communicated to all relevant stakeholders.

Relevant stakeholders in the sense of this criterion are those that need to know the incident response plan, for example due to their involvement in its execution or due to contractual or regulatory agreements.

SIM-02.02B

The plans are evaluated and updated at least annually or as necessary to reflect changes in the organisational structure or environment.

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html