Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ISO 27001
  3. >Organisational Controls
  4. >ISO27001-5.28
ISO27001-5.28Active

Collection of evidence

Statement

The organisation should establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events.

Location

Control Group
Organisational Controls

Control Details

Identifier
ISO27001-5.28
Number
Annex A 5.28

Classification

Annex A Control

Control Group

Implementation Guidance

The organisation should establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events.

AESCSF
AESCSF-RESPONSE-1crelatedvia aescsf-reference
AESCSF-RESPONSE-1drelatedvia aescsf-reference
AESCSF-RESPONSE-2irelatedvia aescsf-reference
AESCSF-RESPONSE-3drelatedvia aescsf-reference
AESCSF-RESPONSE-3erelatedvia aescsf-reference
View in graphReport an issue
← Back to Organisational Controls
Organisational Controls37 controls
ISO27001-5.1Policies for information securityISO27001-5.2Information security roles and responsibilitiesISO27001-5.3Segregation of dutiesISO27001-5.4Management responsibilitiesISO27001-5.5Contact with authoritiesISO27001-5.6Contact with special interest groupsISO27001-5.7Threat intelligenceISO27001-5.8Information security in project managementISO27001-5.9Inventory of information and other associated assetsISO27001-5.10Acceptable use of information and other associated assetsISO27001-5.11Return of assetsISO27001-5.12Classification of informationISO27001-5.13Labelling of informationISO27001-5.14Information transferISO27001-5.15Access controlISO27001-5.16Identity managementISO27001-5.17Authentication informationISO27001-5.18Access rightsISO27001-5.19Information security in supplier relationshipsISO27001-5.20Addressing information security within supplier agreementsISO27001-5.21Managing information security in the ICT supply chainISO27001-5.22Monitoring, review and change management of supplier servicesISO27001-5.23Information security for use of cloud servicesISO27001-5.24Information security incident management planning and preparationISO27001-5.25Assessment and decision on information security eventsISO27001-5.26Response to information security incidentsISO27001-5.27Learning from information security incidentsISO27001-5.28Collection of evidenceISO27001-5.29Information security during disruptionISO27001-5.30ICT readiness for business continuityISO27001-5.31Legal, statutory, regulatory and contractual requirementsISO27001-5.32Intellectual property rightsISO27001-5.33Protection of recordsISO27001-5.34Privacy and protection of PIIISO27001-5.35Independent review of information securityISO27001-5.36Compliance with policies, rules and standards for information securityISO27001-5.37Documented operating procedures