
Assessment and decision on information security events

Annex A control 5.25 of the 2022 version of the ISO 27001 standard can be mapped to ISO 27001:2013 Annex A 16.1.4.

Control 5.25 focuses on the way organisations identify and categorise information security incidents. It gives clear guidance on prioritisation and how these events are handled by the relevant parties.

By helping organisations to identify and prioritise information security incidents based on event-specific variables, Annex 5.25 acts as a detective control that maintains risk.

What does Annex 5.25 include?

Control 5.25 aims to help organisations at a broad operational level, rather than through specific guidance points. In this way, it presents a holistic approach to effective information security incident management.

The control outlines that organisations should develop an accepted categorisation scheme to differentiate between information security (IS) incidents and IS events. There should be a point of contact who is responsible for IS event categorisation.

Technical personnel should be involved in the assessment process, in order to ensure that the necessary skills and tools to analyse and resolve incidents are at hand. Deciding on whether to escalate an event to an incident should be a collaborative decision.

Organisations should record conversations, assessments and categorisations so that future information security incident decisions can be made with all relevant information to hand, making the handling of security risk more robust over time.

What’s changed since ISO 27001:2013?

Replacing ISO 27001:2013 Annex A control 16.1.4, the 2022 control adheres to the same operational principles but includes one key deviation. While the older control describes an information security incident response team (ISIRT) as being involved in categorisation and escalation, control 5.25 refers to any staff members involved in analysing and resolving security incidents.

Control 5.25 also puts greater emphasis on categorising events appropriately before escalation.