1. Overview

SIM-03 Processing of Security Incidents

Designation Standard
SIM-03.01B Subject matter experts of the cloud service provider classify, prioritise and perform root-cause analyses for events that could constitute a security incident.
SIM-03.02B The results of these root-cause analyses are documented, shared with relevant stakeholders, and used as part of evaluation and learning processes.
SIM-03.03B If the cloud service provider determines that it requires external assistance for processing a security incident, it selects an incident response service based on their competence and trustworthiness or by following the recommendations of a national cybersecurity authority.
SIM-03.04B A catalogue providing clear identification of information security incidents affecting cloud service customer data is maintained and used for the classification of information security incidents.
SIM-03.05B The cloud service provider also uses the incident classification mechanism for the correlation of information security events, and assesses as well as classifies the correlated information security events according to their criticality.
SIM-03.06B All documents and evidence that provide details on security incidents related to the cloud service are archived in a secure and tamper-proof manner, in line with criticality and regulatory requirements.

Regulatory requirements may necessitate maintaining a chain of custody to ensure that documents can be relied upon in legal proceedings.
SIM-03.07B The analysis process provides sufficient traceability to understand root causes and attack progression, appropriate to the risk and impact of the security incident.
SIM-03.01AC The cloud service provider simulates the identification, analysis and defence of security incidents and attacks at least once a year through appropriate tests and exercises (e.g. Red Team training).
SIM-03.02AC An integrated team of forensic/incident responder personnel, specifically qualified to preserve evidence and manage a chain of custody, is established or contracted for their services.
SIM-03.03AC The cloud service provider verifies the application of incident management policies and procedures by monitoring the information security incident handling processes. Timely and appropriate remediation measures address any deviations identified during monitoring.

1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation