What is EN ISO 27031: 2018 ?

EN ISO 27031: 2018 is a widely recognized standard for information security management systems. It is designed to provide guidelines and best practices for establishing, implementing, maintaining, and continually improving an organization's information security management system. The standard is focused specifically on the financial sector, but its principles and recommendations can be applied to any industry.

EN ISO 27035-1: 2018, also known as "Information technology — Security techniques — Information security incident management", is an international standard that provides guidelines for managing information security incidents within an organization. The standard aims to assist in the detection, reporting, assessment, and response to information security incidents, thereby minimizing the impact on the organization's operations and reputation.

The key components of EN ISO 27035-1: 2018 include:

* A structured and systematic approach to incident management

* The identification of key information security incidents and the establishment of a reporting mechanism

* The implementation of a communication plan to keep stakeholders informed of the incident status

* A process for conducting an incident assessment, including the identification of potential mitigateive actions

* A process for documenting and reporting incidents, including the collection of relevant information for future incident reporting

* A process for reviewing and updating incident management procedures

By following the guidelines outlined in EN ISO 27035-1: 2018, organizations can effectively manage risks, protect sensitive information, and strengthen their overall security posture. It helps organizations develop a proactive approach towards information security, ensuring compliance with legal, regulatory, and contractual requirements.