These controls focus on the processes used to act when an information security or privacy event is detected.

These controls support our ability to contain the impact of a potential incident. Controls in this category focus on helping us understand the following:

  • What response plans are in place;
  • Roles and responsibilities for incident response;
  • What the options are for mitigating risks from an information security incident.