
IR-01 Incident Response Plan

>Control Description

Organization defines the types of incidents that need to be managed, tracked and reported, including:

• procedures for the identification and management of incidents
• procedures for the resolution of confirmed incidents
• key incident response systems
• incident coordination and communication strategy
• contact method for internal parties to report incidents
• support team contact information
• notification to relevant management in the event of a security breach
• provisions for updating and communicating the plan
• provisions for training of support team
• preservation of incident information
• management review and approval, annually, or when major changes to the organization occur

Theme: Process

Type: Preventive

Policy/Standard: Incident Management Policy

>Implementation Guidance

1. Prepare, document, and communicate the Incident Response Plan and Incident Management Policy and ensure that the following are documented:
   a. Procedures for the assignment of Roles and Responsibilities for the design, implementation, maintenance and execution of the incident response plan
   b. Procedures for the identification and management of incidents
   c. Procedures for the resolution of confirmed incidents
   d. Procedures for the restoration of data and business operation
   e. Incident coordination and communication strategy
   f. Notification to relevant management in the event of a security breach
   g. Provisions for updating and communicating the plan
   h. Provisions for evaluating the effectiveness of incident response
   i. Post incident resolution including post mortem analysis and lessons learned
2. Ensure that a process exists to periodically review the changes which displays revision history of the Incident Response Plan.

>Testing Procedure

1. Inspect the Incident Response Plan and Incident Management Policy to determine whether the following are documented:
   a. Procedures for the assignment of Roles and Responsibilities for the design, implementation, maintenance and execution of the incident response plan
   b. Procedures for the identification and management of incidents
   c. Procedures for the resolution of confirmed incidents
   d. Procedures for the restoration of data and business operation
   e. Incident coordination and communication strategy
   f. Notification to relevant management in the event of a security breach
   g. Provisions for updating and communicating the plan
   h. Provisions for evaluating the effectiveness of incident response
   i. Post incident resolution including post mortem analysis and lessons learned
2. Review the changes which displays revision history of the Incident Response Plan.

>Audit Artifacts

E-IR-01
E-IR-02
E-IR-03

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
