Comprehensive and Detailed Explanation From Exact Extract:
During the response phase, one of the most critical activities—according to ISO/IEC 27035-1 and 27035-2—is the documentation of actions, decisions, and results. Clause 6.4.6 of ISO/IEC 27035-1 emphasizes that all activities must be logged to support post-incident analysis, audit trails, and lessons learned. This ensures that:
Accountability is maintained
Decisions can be reviewed
Investigations are legally sound (especially in regulated environments)
While restoring systems (Option C) typically occurs in the recovery phase, logging activities and outcomes is essential during the actual response. Change control processes (Option B) are supporting functions but are not core to the immediate response phase.
[Reference:, , ISO/IEC 27035-1:2016, Clause 6.4.6: “All incident response actions and decisions should be recorded to enable traceability and facilitate future improvement.”, , Correct answer: A, , —, ]
Submit