In the ACN baseline typology, IS-2 addresses incidents where the entity has evidence of integrity loss involving digital data under its ownership or control. Operationally, teams should confirm unauthorized data alteration, assess external impact, and activate escalation/notification decision flow.
Sources: ACN baseline reading guide, ACN baseline obligations determination
Key takeaways
- IS-2 is tied to integrity-loss compromise patterns.
- Qualification requires evidence of incident occurrence.
- The compromise object is digital data owned/controlled by the entity.
- Official typology mapping (condition, compromise, object) should drive decision consistency.
Sources: ACN baseline reading guide
IS-2 qualification model
1. Condition
The entity has evidence that a relevant incident occurred.
2. Compromise pattern
The compromise corresponds to integrity loss, including unauthorized modification with external impact as described by official guidance.
3. Object of compromise
The impacted object is digital data within the entity ownership/control perimeter.
Sources: ACN baseline reading guide, ACN baseline obligations determination
Operational handling steps for IS-2
| Step | Control question | Expected output |
|---|---|---|
| Evidence capture | Do we have objective evidence of unauthorized data modification? | Timestamped evidence record |
| Data-impact scope | Which data sets and dependent processes are affected? | Integrity-impact scope statement |
| Escalation decision | Does the case meet significant-incident criteria? | Escalation decision log |
| Notification readiness | Is incident information structured for authority workflow? | Structured incident brief |
Sources: ACN baseline reading guide
90-day implementation checklist
- Add IS-2 decision criteria into triage and investigation templates.
- Standardize evidence collection for integrity-modification events.
- Define workflow for mapping impacted data and downstream process effects.
- Run incident drills focused on integrity compromise with external impact.
- Keep traceable linkage between IS-2 qualification and escalation outcomes.
FAQ
Is any data inconsistency automatically IS-2?
No. Qualification depends on official typology criteria and documented incident evidence. Source: ACN baseline reading guide
What is the relevant incident trigger point?
The trigger is tied to when the entity acquires evidence of the significant incident, as defined in official guidance. Source: ACN baseline reading guide
Which data perimeter is considered for IS-2?
Digital data owned by the entity or data over which it exercises control, according to baseline definitions. Source: ACN baseline reading guide