ISO 27001:2022 A.5.25 Assessment and decision on information security events

This article provides additional information on how you can meet the requirement of ISO 27001:2022 control A.5.25, Assessment and decision on information security events.

ISO 27001:2022 Control Description

The organisation shall assess information security events and determine whether they should be categorised as information security incidents.

Purpose

To ensure effective categorisation and prioritisation of information security events.

Guidance on implementation

A categorisation and prioritisation scheme for information security incidents should be agreed upon to identify the consequences and priority of an incident. This scheme should include the criteria for categorising events as information security incidents. The point of contact should assess each information security event using the agreed scheme.

Personnel responsible for coordinating and responding to information security incidents should carry out the assessment and make decisions regarding information security events. The results of the assessment and decisions should be recorded in detail for future reference and verification.
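The guidance above asks for three things: an agreed scheme with explicit criteria, an assessment of each event against that scheme, and a detailed record of the decision. The following Python script is an added illustration of one way to operationalise that (it is not part of the standard or of this article): the impact and likelihood scales, the incident threshold, the priority bands, the event categories and the sample events are all constructed assumptions, and an organisation would substitute the scheme it has actually agreed in its ISMS. Each assessment returns a record that carries the score, the criterion that decided the outcome and who made the call, so the decision can be reviewed later.

```python
"""Applying an agreed categorisation and prioritisation scheme to security events.

Added example: the scheme below (scales, threshold, priority bands, categories)
is constructed for illustration and is not taken from ISO 27001:2022.
"""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
import json
from typing import Optional

# Constructed scheme. An organisation agrees its own values; these are assumptions.
IMPACT_SCALE = {"none": 0, "low": 1, "moderate": 2, "high": 3}
LIKELIHOOD_SCALE = {"unlikely": 1, "possible": 2, "confirmed": 3}
INCIDENT_SCORE_THRESHOLD = 4          # impact x likelihood at or above this is an incident
PRIORITY_BANDS = ((9, "P1"), (6, "P2"), (4, "P3"), (0, "P4"))  # highest band first


@dataclass(frozen=True)
class SecurityEvent:
    event_id: str
    source: str
    description: str
    category: str      # e.g. "malware", "unauthorised_access", "false_positive" (assumed names)
    impact: str        # assessed effect on confidentiality, integrity or availability
    likelihood: str    # how certain it is that a protected asset was actually affected


@dataclass(frozen=True)
class AssessmentRecord:
    event_id: str
    is_incident: bool
    priority: Optional[str]   # only incidents get a priority
    score: int
    rationale: tuple          # the criteria that led to the decision, for later verification
    assessed_by: str
    assessed_at: str


def _priority_for(score: int) -> str:
    """Map a score onto the agreed priority bands (first band whose floor is met)."""
    for floor, label in PRIORITY_BANDS:
        if score >= floor:
            return label
    return PRIORITY_BANDS[-1][1]


def assess_event(event: SecurityEvent, assessed_by: str) -> AssessmentRecord:
    """Apply the agreed scheme to one event and return the recorded decision."""
    if event.impact not in IMPACT_SCALE or event.likelihood not in LIKELIHOOD_SCALE:
        # Values outside the agreed scales cannot be assessed consistently; reject them.
        raise ValueError(f"{event.event_id}: impact/likelihood outside the agreed scales")
    impact = IMPACT_SCALE[event.impact]
    likelihood = LIKELIHOOD_SCALE[event.likelihood]
    score = impact * likelihood
    rationale = [f"impact={event.impact}({impact}) x likelihood={event.likelihood}({likelihood}) = {score}"]

    # Criterion 1: events triaged as false positives are closed as events, never incidents.
    if event.category == "false_positive":
        rationale.append("category false_positive: closed as event")
        is_incident = False
    # Criterion 2: a confirmed effect on any protected asset is always an incident,
    # whatever the score, so low-impact confirmed compromises are not silently dropped.
    elif event.likelihood == "confirmed" and impact > 0:
        rationale.append("confirmed effect on a protected asset: incident")
        is_incident = True
    # Criterion 3: otherwise the score against the agreed threshold decides.
    else:
        is_incident = score >= INCIDENT_SCORE_THRESHOLD
        rationale.append(
            f"score {'>=' if is_incident else '<'} threshold {INCIDENT_SCORE_THRESHOLD}: "
            f"{'incident' if is_incident else 'event only'}")

    priority = _priority_for(score) if is_incident else None
    return AssessmentRecord(
        event_id=event.event_id, is_incident=is_incident, priority=priority, score=score,
        rationale=tuple(rationale), assessed_by=assessed_by,
        assessed_at=datetime.now(timezone.utc).isoformat(timespec="seconds"))


def record_assessments(events, assessed_by: str) -> list[dict]:
    """Assess every event and return JSON-serialisable records for the incident register."""
    return [asdict(assess_event(e, assessed_by)) for e in events]


# Constructed sample events; not real data.
SAMPLE_EVENTS = [
    SecurityEvent("EVT-001", "edr", "Known ransomware binary executed on file server", "malware", "high", "confirmed"),
    SecurityEvent("EVT-002", "siem", "Six failed VPN logins for one user in 10 minutes", "unauthorised_access", "low", "possible"),
    SecurityEvent("EVT-003", "siem", "Port-scan alert traced to the scheduled vulnerability scanner", "false_positive", "none", "unlikely"),
    SecurityEvent("EVT-004", "helpdesk", "Laptop holding customer data confirmed left on a train", "data_loss", "moderate", "confirmed"),
    SecurityEvent("EVT-005", "ids", "Possible exploitation attempt against the public web server", "intrusion_attempt", "moderate", "possible"),
    SecurityEvent("EVT-006", "dlp", "Internal document confirmed sent to a personal mailbox", "policy_violation", "low", "confirmed"),
]

if __name__ == "__main__":
    for rec in record_assessments(SAMPLE_EVENTS, assessed_by="soc-analyst-on-duty"):
        print(json.dumps(rec))
```

Running the script prints one JSON line per event; EVT-001 and EVT-004 become P1 and P2 incidents, EVT-005 crosses the threshold as a P3, EVT-006 is an incident only because of the confirmed-effect criterion (its score of 3 is below the threshold), and EVT-002 and EVT-003 stay events. The rationale field is what makes the record useful for the "future reference and verification" the guidance asks for: an auditor or a later reviewer can see which criterion decided the outcome rather than just the outcome itself.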