The VMware Incident Response program plans and procedures are developed in accordance with the ISO 27001 standard. For security and incident management, VMware maintains contacts with industry bodies, risk and compliance organizations, local authorities, and regulatory bodies as required by the ISO 27001 standard. The list of contacts is regularly updated to ensure a direct compliance liaison and be prepared for a forensic investigation that requires a law enforcement.

Under the VMware ISMS program, the incident response plan is tested at least once annually, even if no security incident has occurred.