Content library
Nacionālās kiberdrošības likums (Latvia)
27.(b).1 (Incidentu): Incidentu pārvaldība, reģistrēšana un atklāšana

Requirement description

Subjekts veic piemērotus un samērīgus tehniskos un organizatoriskos pasākumus, lai pārvaldītu kiberriskus subjekta izmantoto elektronisko sakaru tīklu un informācijas sistēmu drošībai un novērstu vai līdz minimumam samazinātu kiberincidentu ietekmi uz subjekta pakalpojumu saņēmējiem un uz citiem pakalpojumiem.

How to fill the requirement

Nacionālās kiberdrošības likums (Latvia)

27.(b).1 (Incidentu): Incidentu pārvaldība, reģistrēšana un atklāšana

Task name
Priority
Status
Theme
Policy
Other requirements
Personnel guidelines for reporting security incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
40
requirements

Examples of other requirements this task affects

T06: Turvallisuuspoikkeamien hallinta
Katakri
24. Responsibility of the controller
GDPR
16.1.3: Reporting information security weaknesses
ISO 27001
16.1.2: Reporting information security events
ISO 27001
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Omavalvontasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for reporting security incidents
1. Task description

A process for reporting incidents is maintained to help staff report incidents efficiently and consistently.

Things to report as an incident include e.g.:

  • unauthorized access to data / premises
  • action against security guidelines
  • suspected security issue (e.g. phishing, malware infection)
  • data system outage
  • accidental or intentional destruction / alteration of data
  • lost or stolen device
  • compromised password
  • lost physical identifier (e.g. keychain, smart card, smart sticker)
  • suspected security weakness (e.g. on utilized data system or other procedures)

The personnel guidelines emphasize the obligation to report security incidents as soon as possible in accordance with the agreed process. The instructions also describe other operations in the event of an incident (e.g. recording seen error messages and other details).

Designation of an incident management team
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
31
requirements

Examples of other requirements this task affects

16.1.2: Reporting information security events
ISO 27001
16.1.3: Reporting information security weaknesses
ISO 27001
ID.RA-3: Threat identification
NIST
RS.CO-1: Personnel roles
NIST
5.25: Assessment and decision on information security events
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Designation of an incident management team
1. Task description

The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

Treatment process and documentation of occurred security incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
49
requirements

Examples of other requirements this task affects

T06: Turvallisuuspoikkeamien hallinta
Katakri
32. Security of processing
GDPR
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
GDPR
16.1.5: Response to information security incidents
ISO 27001
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Omavalvontasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Treatment process and documentation of occurred security incidents
1. Task description

All security incidents are addressed in a consistent manner to improve security based on what has happened.

In the incident treatment process:

  • the reported incident is confirmed (or found unnecessary to record)
  • the type and cause of incident is documented
  • the risks associated with the incident are documented
  • the risks are re-evaluated and treated if that is necessary after the incident
  • risk mitigation measures or a decision their acceptance is documented
  • people who need to be informed of the results of the incident treatment are identified (including external ones)
  • possible need for a post-incident analysis is determined
The first level response process to security incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
34
requirements

Examples of other requirements this task affects

16.1.4: Assessment of and decision on information security events
ISO 27001
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Omavalvontasuunnitelma
DE.AE-4: Impact of events
NIST
RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
See all related requirements and other information from tasks own page.
Go to >
The first level response process to security incidents
1. Task description

The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.

The first level response process includes at least:

  • effectively seeking to confirm the identified incident
  • deciding on the need for immediate response
Process for detecting and reporting security breaches related to the supply chain
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Data breach management
17
requirements

Examples of other requirements this task affects

A.10.1: Notification of a data breach involving PII
ISO 27018
DE.CM-6: External service provider activity monitoring
NIST
5.23: Information security for use of cloud services
ISO 27001
P6.5: Notification of unauthorized disclosure of personal information from third parties
SOC 2
21.2.b (incidents): Incident management
NIS2
See all related requirements and other information from tasks own page.
Go to >
Process for detecting and reporting security breaches related to the supply chain
1. Task description

The organization shall define the procedures for reporting security breaches in the supply chain. The process must take into account all kinds of roles in the supply chain, whether we are the customer of the end product or one supplier in the chain.

Policies shall take into account agreements with partners and customers and their commitments regarding the reporting obligations of both parties.

Regular periodic analysis and learning of incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
31
requirements

Examples of other requirements this task affects

16.1.6: Learning from information security incidents
ISO 27001
PR.IP-7: Protection processes
NIST
PR.IP-8: Protection effectiveness
NIST
DE.DP-5: Detection processes improvment
NIST
RS.AN-2: The impact of the incident
NIST
See all related requirements and other information from tasks own page.
Go to >
Regular periodic analysis and learning of incidents
1. Task description

The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.

The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.

If recurrent incidents requiring response are identified, based on them:

  • new management tasks are created or current ones expanded
  • security guidelines in this area are refined or extended
  • a case example of the incident is created that is used to train staff to respond to or avoid similar incidents

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.