This International Standard provides guidance on mechanisms for ensuring that methods and processes used in the investigation of information security incidents are fit for purpose . It encapsulates best practice on defining requirements, describing methods, and providing evidence that implementations of methods can be shown to satisfy requirements. It includes consideration of how vendor and third-party testing can be used to assist this assurance process. This document aims to provide guidance on the capture and analysis of functional and non-functional requirements relating to an Information Security (IS) incident investigation, give guidance on the use of validation as a means of assuring suitability of processes involved in the investigation, provide guidance on assessing the levels of validation required and the evidence required from a validation exercise, give guidance on how external testing and documentation can be incorporated in the validation process.