The present document covers the 2 types of security incident detection services: internal and external. The requirements can be implemented at 2 different levels: basic level (partial compliance)@ advanced level (full compliance). The present document is structured as follows (after clauses 2 and 3 respectively dedicated to references and terms@ symbols and abbreviations): ? Clause 4 describes the activities to which the present document relates. ? Clause 5 presents the requirements applicable to service providers (either internal or external) operating a SOC. NOTE: These requirements@ labelled with lowercase letters (a@ b@ c@ etc.)@ stem from requirements of a similar reference framework published by ANSSI [i.12]@ so that their labelling is aligned with them@ meaning that not present letters correspond to discarded or not relevant requirements. ? Annex A presents the tasks and skills expected from the service provider's employees. ? Annex B presents the recommendations for the commissioning entities when contracting with security incident detection providers. ? Annex C defines the basic and partial level of implementation of the requirements.