Answer yes if your organisation has a documented Incident Response Plan that has been reviewed in the last year. Please provide the Incident Response Plan (as a PDF file) as evidence.
An Incident Response Plan (IRP) is a crucial document that outlines the operational steps that must be taken when an unexpected or disruptive event occurs. The plan can be invoked for both security and non-security incidents and should be an organic and operational document used to restore service and co-ordinate an effective response.
The IRP is a framework guide or set of instructions to help staff assess, respond to, and recover from events such as cybercrime, data loss, and service disruptions. Ensure your key staff are familiar with the plan to enable your business to respond to an incident quickly, helping to minimise impacts, mitigate vulnerabilities, restore services and processes, and reduce the risks of similar future incidents.
It is advisable to keep a copy of your incident response plan in an alternative location for staff to follow if your company's communication channels are not usable during an incident (e.g. emails, your intranet, or connectivity to the internet might not be working).
For larger organisations, best practice is to model your incident response plan on a gold-silver-bronze command structure. This allows your response to incidents to be flexible yet effective, and splits the strategic, tactical, and operational responsibilities accordingly.
To implement this control, you will need to design and document an incident response plan. The plan will need to be tailored to your particular organisation's process for identifying, responding to, and resolving incidents. It can be helpful to have a security consultant support you in designing, implementing, and testing your plan.
Various IRP templates can be found online. It is important that whichever template you choose is subsequently tailored to your specific business environment. This will require input from your technical resources, and the plan should be thoroughly tested to ensure its effectiveness.