IR-01—Incident Response Plan
>Control Description
Theme
Type
Policy/Standard
Incident Management Policy>Implementation Guidance
1. Prepare, document, and communicate the Incident Response Plan and Incident Management Policy and ensure that the following are documented: a. Procedures for the assignment of Roles and Responsibilities for the design implementation, maintenance and execution of the incident response plan b. Procedures for the identification and management of incidents c. Procedures for the resolution of confirmed incidents d. Procedures for the restoration of data and business operation e. Incident coordination and communication strategy f. Notification to relevant management in the event of a security breach g. Provisions for updating and communicating the plan h. Provisions for evaluating the effectiveness of incident response i. Post incident resolution including post mortem analysis and lessons learned 2. Ensure that a process exists to periodically review the changes which displays revision history of the Incident Response Plan.
>Testing Procedure
1. Inspect the Incident Response Plan and Incident Management Policy to determine whether the following are documented: a. Procedures for the assignment of Roles and Responsibilities for the design implementation, maintenance and execution of the incident response plan b. Procedures for the identification and management of incidents c. Procedures for the resolution of confirmed incidents d. Procedures for the restoration of data and business operation e. Incident coordination and communication strategy f. Notification to relevant management in the event of a security breach g. Provisions for updating and communicating the plan h. Provisions for evaluating the effectiveness of incident response i. Post incident resolution including post mortem analysis and lessons learned 2. Review the changes which displays revision history of the Incident Response Plan.
>Audit Artifacts
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.