11.a - Reporting Information Security Events

The 11.a control requires the organization to implement a formal process for identifying, documenting, and promptly reporting information security events to designated internal and external stakeholders. It specifies defined reporting procedures, escalation paths, and timelines to ensure timely response and compliance with legal or regulatory obligations.