According to ISO/IEC 27001, an incident management process must include processes for using knowledge gained from information security incidents to reduce the likelihood or impact of future incidents, and to improve the overall level of information security. This means that the organization should conduct a root cause analysis of the incidents, identify the lessons learned, and implement corrective actions to prevent recurrence or mitigate consequences. The organization should also document and communicate the results of the incident management process to relevant stakeholders, and update the risk assessment and treatment plan accordingly. (Must be taken from ISO/IEC 27001 : 2022 Lead Implementer resources)

References: ISO/IEC 27001 : 2022 Lead Implementer Study guide and documents, specifically:

ISO/IEC 27001:2022, clause 10.2 Nonconformity and corrective action

ISO/IEC 27001:2022, Annex A.16 Information security incident management

ISO/IEC TS 27022:2021, clause 7.5.3.16 Information security incident management process

PECB ISO/IEC 27001 Lead Implementer Course, Module 9: Incident Management