LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What does ISO/IEC 27035 cover?

27035 is the Information Security Incident Management standard — guidance on detecting, reporting, assessing, responding to, and learning from incidents and vulnerabilities, aimed at medium and large organisations.

Incident-management loop of four stages: detect, report and assess, handle (contain and resolve), improve (post-incident review), feeding back to detect

* 27035 as a mini-PDCA: detect to report/assess to handle to improve, feeding lessons back so the same incident does not recur. *

The premise behind 27035 is that incidents are not a sign the ISMS failed — they are inevitable, and a mature programme is judged by how it handles them, not by whether it has any. So the standard structures incident handling as its own little PDCA loop: you must be able to detect and report an event, assess whether it's a real incident, contain and resolve it, and then feed the lessons back so the same thing doesn't recur. The four themes it covers map onto exactly that flow:

  • Erkennung, Reporting und Bewertung von Sicherheitsvorfällen (detect, report, assess incidents)
  • Behandlung und Bearbeitung von Vorfällen (handle and resolve incidents)
  • Erkennung, Bewertung und Bearbeitung von Sicherheits-Schwachstellen (find and fix vulnerabilities before they're exploited)
  • Kontinuierliche Verbesserung der IS und des Incident Managements (continuous improvement)

Crucially it gives you a structure, not specific tools — it tells you which capabilities to have (a reporting channel, a triage step, a post-incident review), and you choose how to staff and tool them. 27035 is a multi-part standard:

Part Topic
27035-1 Principles of incident management
27035-2 Guidelines to plan and prepare for incident response
27035-3 Guidelines for ICT incident response operations
27035-4 (planned/withdrawn — varies by edition)

Why this matters: A mature ISMS will see incidents. The questions are how quickly you detect them, how well you contain them, and whether you learn from them. 27035 provides the playbook structure (no specific tools), and pairs naturally with NIST SP 800-61 (Computer Security Incident Handling Guide).

Tip: Treat 27035 alongside ISO 22301 (Business Continuity Management) — security incidents and business disruptions overlap, and you want both teams to share runbooks rather than maintain parallel ones.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026