Management shall define responsibilities and establish procedures to ensure an effective and consistent response to security incidents.
Management must ensure e.g.:
- interference management has clear responsibilities
- there is a documented process for responding, handling and reporting incidents
The process must ensure e.g.:
- staff have a clear contact point / tool and instructions for reporting incidents
- the reported security breaches will be addressed by qualified personnel in a sufficiently comprehensive manner