We follow a five-step Incident Response Protocol (IRP) adopted from our previous work with Microsoft.
All incidents are triaged as follows:
- Detect: First indication of an event or incident (Zendesk ticket created by user or TIQ).
- Assess: An IT team member assesses the impact and severity of the event. Based on evidence, the assessment may or may not result in further escalation to our Technical Director (reassignment of Zendesk ticket as necessary).
- Diagnose: Technical investigation includes containment, mitigation, and workaround strategies. If we believe that customer data has been exposed, our partner is immediately notified of any breach and the steps that are being taken to resolve the issue.
- Stabilize + Recover: Crisis containment steps such as quarantining impacted systems may occur immediately and in parallel with diagnosis. Longer-term mitigations may be planned to take place after the immediate risk has passed.
- Close/Post-Mortem: Details of the incident (via Zendesk) are reviewed with the intention of revising policies, procedures, and processes to prevent a recurrence of the event.