Security Incident Management
The VMware Incident Response program plans and procedures are developed in accordance
with the ISO 27001 standard. For security and incident management, VMware maintains contacts
with industry bodies, risk and compliance organizations, local authorities, and regulatory
bodies as required by the ISO 27001 standard. The list of contacts is regularly updated to
ensure a direct compliance liaison and be prepared for a forensic investigation that
requires a law enforcement.
Under the VMware ISMS program, the incident response plan is tested at least once
annually, even if no security incident has occurred.