Good Practice Guide on Incident Reporting

The European Commission and Member States pay increasing attention to the resilience of public electronic communications networks. Their aim is to ensure that this infrastructure fulfills its role as a fundamental platform for European societies, economies and institutions. In 2009 ENISA conducted a study and published the Good Practice Guide on incident reporting, to support Member States moving closer to resilience of CIIP.

Published under For Telcos

Incident reporting plays an important role in these efforts as it contributes in improving stakeholders' knowledge of the actual security problems at stake.

An effective incident reporting system contributes to the collection of reliable and up-to-date data on information security incidents and ensures:

  1. quick dissemination of information among interested parties,
  2. a coordinated response,
  3. access to a wide pool of expertise about such incidents,
  4. that national authorities can follow up with the infrastructure managers in a regulatory capacity,
  5. threat analysis; and
  6. identification of good practices.


The European Commission has highlighted, in a number of key policy documents, the importance of getting reliable, up-to-date and comparable data on security incidents in order to develop a clear understanding of the nature and extent of the challenges at stake.

Recognizing the importance of the topic of incident reporting and the need to prepare the ground for these policy and regulatory developments, ENISA performed an extensive stock taking of Member States activities with the aim to identify and analyze existing practices for incident reporting procedures resulting in the Good Practice Guide on Incident Reporting.

The main objective was to identify good practices and to share them with Member States throughout the EU. Such a stock taking of good practices could serve as a basis to the overall discussion on how Member States could best implement the provision on breach notification of article 13 of the revised Framework Directive.

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies