Incident Response Policy

The Incident Response policy ensures a consistent and effective approach to managing Security Incidents, including identifying and communicating Security Events and Security Weaknesses. [FII-SCF-013-IRO-01]

• Establish management responsibilities and procedures to ensure a quick, effective, and orderly response to Security Incidents.

• Agree upon the objectives for Security Incident management and ensure that those responsible for Security Incident management understand the Netspective Communications LLC’s priorities for handling Security Incidents.

• Report Security Events quickly through appropriate Git ticketing. [FII-SCF-013-IRO-10]

  Security Testing related Git Tickets

• Require personnel and contractors using the Netspective Communications LLC’s information systems and services to note and report any observed or suspected Security Weakness in systems or services.

• Assess Security Events and decide if they are to be classified as Security Incidents.

• Use knowledge gained from analyzing and resolving Security Incidents to reduce the likelihood or impact of future incidents.

• Define and apply procedures for identifying, collecting, acquiring, and preserving information that can serve as evidence. [FII-SCF-013-IRO-02]
• Communication channels should be established well in advance of a Security Incident. Include all necessary parties in relevant communication. [FII-SCF-013-IRO-07]