
BIZOPS-33 – Incident Response Team


What is this control really about?

This control focuses on establishing an incident response team solely responsible for monitoring cyber security incidents and attacks and for responding to them.

Ideally, an incident response team is composed of a leader, a communication liaison, a lead investigator, a legal representative and analysts. In a small company, this could be one dedicated person responsible for monitoring and following up on incidents.

Available tools in the marketplace

Tools
  • No tool recommendations for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

  • Best practice from NIST on Incident Response Plan

What is required to implement this control?

First, a designated person or set of personnel must be identified.

Secondly, a process must be documented that includes the following at a minimum:

  • Roles and responsibilities: this section must include the names and roles of the designated personnel
  • Communication: this section should describe the communication process for ensuring that the organization is properly informed about incidents
  • Investigation: this section should describe the process for investigating events and performing in-depth evaluation
  • Recovery: this section should describe the process for containing, eradicating and recovering from an incident

What evidence is the auditor looking for?

  • Provide your documented Incident Response Team Charter or procedure

An example of what an artifact can look like

  1. Provide our documented Incident Response Team Charter or procedure

Link to template
