ISO/IEC 27035:2023
Incident management system

ISO/IEC 27035 is an international standard that provides best practices and guidelines for establishing and maintaining an effective information security incident management process.

Purpose of ISO/IEC 27035:


  • Reducing the negative impact of incidents on the organization’s operations.
  • Ensuring a quick and efficient response to incidents.
  • Reducing the risk of possible threats or data loss.
  • Increasing resilience to future incidents.
  • Compliance with relevant legal and regulatory requirements.
  • Strengthening the reputation and credibility of the organization.

Advantages for the organization

  • Cost reduction: A quick and efficient response to incidents can significantly reduce the financial and reputational costs associated with an incident.
  • Protection of business operations: Effective incident management can minimize business interruption and ensure the availability of critical business data and systems.
  • Increased resilience: Applying ISO 27035 helps organizations assess their incident risks, implement appropriate controls and develop an emergency plan, all of which make the organization more resilient to future incidents and help it partially meet CRA requirements.
  • Increased compliance: ISO 27035 can help organizations demonstrate compliance with relevant data protection laws and regulations.

Advantages for the organization's clients

  • Increased confidence: Clients can be more confident that the organization has a robust process in place to deal with a potential incident and protect their data.
  • Reduced risk: Clients are less exposed to data loss or damage in the event of an incident.
  • Transparency: An organization that has adopted ISO 27035 demonstrates its commitment to data protection and can provide clients with greater transparency about how their data is handled.
  • Competitive advantage: An organization that has an incident management system in place according to ISO 27035 can have an advantage over the competition when it comes to acquiring and retaining clients.

ISO/IEC 27035 is an important standard for any organization that wants to protect its information resources and build resilience to information security incidents. The introduction of this standard provides significant advantages for the organization and its clients.
