Does your organisation have a documented Incident Response Plan?

We adopt a 5-stage approach to handling any incidents:

• Preparation

• Detection

• Triage and analysis

• Containment and neutralisation

• Post-incident learning

This includes recording of incidents in our Events, Incidents and Weaknesses Register.
We have documented Application Incident Response Procedures and a Business Continuity Plan.
Where an incident impacts on personal data, we also utilise a documented Data Breach Reporting Procedure.

We aim to fix any production issues within the following time span:

P1 - 4 hours

P2 - 24 hours

P3 - 48 hours

P4 - prioritised accordingly on backlog