Annex A 5.25 - Assessment and Decision on Information Security Events

The organization shall assess information security events and decide if they are to be categorized as information security incidents.