Incident Management Policy

The Incident Management Policy effectively manages and responds to incidents within Netspective Communications LLC. The Incident Management Policy enables individuals to minimize the impact of incidents on the Netspective Communications LLC’s operations, assets, and stakeholders while ensuring a consistent and coordinated approach to incident response. [FII-SCF-007-MON-01]

Incident Reporting [FII-SCF-007-MON-01.8]

• Personnel are required to promptly report possible or known information security and confidentiality violations to Netspective Communication LLC IT; including the following:
  • Infrastructure incident: any event considered to be a malicious action that causes a failure, interruption, or loss in availability to any Netspective Communication LLC Information Resource.
  • Data incident: any loss, theft, or compromise of Netspective Communication LLC information.
  • Unauthorized access incident: any unauthorized access to a Netspective Communication LLC Information Resource.
• Potential incidents and threats reported from event logging, vulnerability management, and other monitoring activities must be reported to Netspective Communication LLC IT.
• All reported incidents must be assessed by Netspective Communication LLC IT to determine the threat type and activate the appropriate response procedures.

Response Team [FII-SCF-001-GOV-06]

• Incident Response Commander will establish and provide overall direction to an Netspective Communication LLC Incident Response Team (IRT).
• The Incident Response Commander is responsible for overseeing the creation, implementation, and maintenance of an Incident Management Plan.
• Netspective Communication LLC IRT members have pre-defined roles and responsibilities which can take priority over normal duties. Any additional Netspective Communication LLC staff member may be called upon to assist in resolving an incident.
• The IRT will respond to any new threat to Netspective Communication LLC information systems or data following the Incident Management Plan.
• The Incident Response Commander must report the incident to:
  • Netspective Communication LLC Executive Management
  • Any affected customers and or/partners
  • Local, state, or federal law officials as required by applicable statutes and/or regulations.
• The Incident Response Commander or executive management team will coordinate communications with any outside organizations.
• The Incident Management Plan must be tested by the IRT no less than annually.
• The IRT must participate in training activities specific to the organization’s Incident Response Plan at least annually or upon significant change to the organization.