edition e1.0.0
Updated October 9, 2023
All incidents should be documented. This documentation serves as a historical record of the incident and the activities resulting from it.
Documentation should contain at a minimum:
- a timeline of events
- example notifications and alerts that triggered the event
- communications sent from and received by the incident response team.
This documentation is useful for audits, and when faced with similar incidents or disasters in the future. It’s always easier to handle a situation if you have the notes of how it was handled last time.
Important: Be prepared. You may be required to provide a summary of this documentation for distribution to customers, with sensitive details redacted.
While this is rare, remember that your customers are conscious of the risks when using your products and services, and they may choose to request further information if they think the risk has changed.
Whether you are planning to respond to incidents or disasters, there are a few common challenges and mistakes that companies make. Check out this list and make sure you and your team don’t fall into the same traps.
Downloading a template and not customizing it to your environment.
An auditor comes by one day and does some snooping around. They ask where your incident response plan is and you look sheepishly for an exit, quickly downloading a template from the internet, and passing it over for review.
We’ve all done it. I don’t judge, but using a template that wasn’t built for your team can be more distracting and dangerous than helpful when faced with a real event.
Your plan doesn’t need to be fancy. There is no prize for design or how many syllables you use per word. An ugly, misspelled plan that is built for your team, systems, and environment with realistic scenarios is perfect.
Not testing your plan in a realistic range of scenarios.
No matter how young or old your company is, there are many, many ways that an incident or disaster can unfold. Some of them happen to all companies at some point, whereas some are very specific to what your company does.
For example, a fire is a normal disaster scenario in office buildings, but a chemical spill would be a disaster scenario only found in companies handling hazardous chemicals.
No matter what your business is, it’s crucial that you list all the possible incident and disaster scenarios you could face and test your plan and playbooks for each of them. While it’s unlikely you will do this all at once, having a test every couple of months, each covering a new scenario, can get you a very long way to being prepared for anything.