3.1 Incident handling policy
3.1.1. For the purpose of Article 21(2), point (b) of Directive (EU) 2022/2555, the relevant entities shall establish an incident handling policy laying down the roles, responsibilities, and procedures for detecting, analysing, containing or responding to, recovering, documenting and reporting of incidents in a timely manner.
3.1.2. The policy referred to in point 3.1.1 shall include:
(a) a categorisation system for incidents;
(b) effective communication plans including for escalation and reporting;
(c) assignment of roles to detect and appropriately respond to incidents to competent employees;
(d) documents to be used in the course of incident detection and response such as incident response manuals, escalation charts, contact lists and templates;
(e) interfaces between the incident handling and business continuity management.
3.1.3. The roles, responsibilities and procedures laid down in the policy shall be tested and reviewed and, where appropriate, updated at planned intervals and after significant incidents or significant changes to operations or risks.