Annex A 5.24 - Information Security Incident Management Planning and Preparation

The organization shall plan and prepare for managing information security incidents by defining, establishing and communicating information security incident management processes, roles and responsibilities.