Incident Response Protocol (IRP)

  • Updated

We follow a 5 step Incident Response Protocol (IRP) adopted from our previous work with Microsoft.

All incidents are triaged as follows:

  1. Detect: First indication of an event or incident (Zendesk ticket created 
by user or TIQ).
  2. Assess: An IT team member assesses the impact and severity of the 
event. Based on evidence, the assessment may or may not result in further escalation to our Technical Director (reassignment of Zendesk ticket as necessary).
  3. Diagnose: Technical investigation includes containment, mitigation, and workaround strategies. If we believe that customer data has been exposed, our partner is immediately notified of any breach and the steps that are being taken to resolve the issue.
  4. Stabilize + Recover: Crisis containment steps such as quarantining impacted systems may occur immediately and in parallel with diagnosis. Longer term mitigations may be planned which occur after the immediate risk has passed.
  5. Close/Post-Mortem: Details of the incident via Zendesk are reviewed with the intention to revise policies, procedures, and processes to prevent a reoccurrence of the event.

Tiq_Ninja-Content_Images_security_incicent.png

Share

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request