ISO/IEC 27001 Control 6.8: Information security event reporting

The organization should provide a mechanism for personnel to report observed or suspected information security events through appropriate channels in a timely manner.

MidPoint's contribution to implementation of this control is marginal.

Implementation of the control is mostly outside the scope of identity governance and administration (IGA), therefore midPoint cannot provide significant advantage. However, midPoint can still provide minor supporting information and functionality.

MidPoint provides features that can provide security event details if necessary.

MidPoint provides supporting capabilities, which provides data regarding security events, making reporting of the events easier. MidPoint reporting capabilities, audit trail as well as information produced by policy rules can be used to provide such information. Synchronization capability can automatically detect, report and handle some security events, such as orphaned accounts.

This control focuses on mechanisms allowing users to report security events. MidPoint has strong capabilities that support security event detection. However, such detection mechanisms are not focus of this control. Therefore midPoint can provide only marginal support for this control.