SP - 008 - Data Breach Incident Response Plan

Page 1

Storm Procurement Limited Policy Title:

Data Breach Incident Response Plan

Policy No:

008

Effective date: 21st April 2021 Owner:

Version

1.02

Replaces

1.01

Data Protection Officer

This plan has been produced to provide a coordinated and best practice to a data security breach which can happen for a number of reasons, including but not limited to:       

Loss or theft of data or equipment on which data is stored Inappropriate access controls allowing unauthorised use Equipment failure Human error Unforeseen circumstances such as fire or flood Cyber attack Social Engineering offences where information is obtained by deceiving the organisation who holds it

Scope of the Incident Response Plan This document identifies numbered tasks that are the order of steps that need to be taken in the event of an incident. The plan consists of four key elements:  Containment & Recovery  Assessment of ongoing risk  Notification of breach  Evaluation and response Containment & Recovery   

All incidents or suspected incidents must be reported immediately to the Incident Manager The Incident Manager may decide to convene the Incident Response Management Team dependant on the impact and scale of the incident An initial breach evaluation, containment and recovery plan needs to be put into action quickly based on the following:

1. What is the scale and extent of the breach? 2. Are some systems operating normally? 3. Do we need to take steps to limit or constrain the breach? 4. What resources are required to limit the damage and recover quickly? 5. What is the best way to recover from the breach taking into account: a.) Risks b.) Impact c.) Timescales d.) Business damage i. Reputational ii. Commercial iii. Legal

March 2018 SP008_Data Breach Incident Response Plan v1

1


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.