Hello there!

Need Help? We are right here!

miniOrange Email Support
success

Thanks for your Enquiry.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Incident Response Plan


1. Policy Overview

This policy is based on ISO 27001:2013. This security incident response policy is intended to establish controls to ensure detection of security vulnerabilities and incidents, as well as quick reaction and response to security breaches.

This document also provides implementing instructions for security incident response, to include definitions, procedures, responsibilities, and performance measures (metrics and reporting mechanisms).


2. Scope

This policy applies to all users of information systems within miniOrange. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by miniOrange (hereinafter referred to as “users”). This policy must be made readily available to all users.


3. Roles and Responsibilities

The acting information security officer and top management team will facilitate and maintain this policy and ensure all employees have reviewed and read the policy.


4. Policy

The policy is defined to ensure that in any event of disruption of business operations, miniOrange will take appropriate actions for the continuity and minimization of impact. miniOrange will also keep a track of such incidents and take preventive measures to minimize the impact of controllable events in future. The incidents are described based on the severity level from high to low.

  • Highest Severity(Level 1)
    A Service failure or severe degradation due to environmental threat so that no one is able to access any business resources. Such events could be:

    • Natural disaster - Floods, Earthquakes,etc.

    • Terrorist Attack

    • Power Failure, Power Spikes, Fire etc.

  • Medium Severity (Level 2)
    Service failure and not being able to access any business resources, information security systems depending on third party suppliers / vendors. Such events could be:

    • Amazon Web Service (AWS) Downtime

    • Google Server Downtime

  • Low Severity (Level 3)
    A service not available due to incidents in the internal network miniOrange. Such events could be:

    • Loss of Data

    • Unauthorized modification/update to Information Processing Facility (Access violations - Breach of information integrity, confidentiality or availability)

    • External Attack in Infrastructure - Phishing, DDOS, Virus, Malware, etc

    • Unexpected Malfunction of the Devices - Incompatible Software installation/updation

A. Impact of Incidents
Impact Analysis of the incidents can be done based on the severity of the incident.

Impact of Highest Severity Events is described in the Business Continuity Policy Document.

Impact of Medium Severity Events could result in the stoppage of business operations completely for miniOrange as well as their customers.

Impact of Low Severity Events could result in the stoppage of only some business activities compromising the Information Security.


B. Incident Logging
All the incidents must be logged before executing the incident response plan. Any stakeholder of miniOrange can report the incident to the top management or to the members of ISMS Team. Top Management can also be informed of incidents with the notifications activities set up for each incident.

  • All employees as trained must report any level of incident to the top management/concerned team within 24 hours.
  • Customers can also report the incidents to the miniOrange anytime with the concerned issues.
  • Incidents must be reported through email, phone call or support ticket to the concerned team/top management with details of the incident.
  • Employees must be trained on the procedures for reporting incidents. Failure to report information security incidents shall be considered to be a security violation and will be reported to the Human Resources (HR) Manager for disciplinary action.
  • Information and artifacts associated with security incidents (including but not limited to files, logs, and screen captures) must be preserved in the event that they need to be used as evidence of a crime.

As soon as the incident is detected the incident is logged by the ISMS Team so other people are aware of the incident. In this case, a document will be prepared and circulated throughout the people. This document will have

Title Description
Incident Summary What’s an emergency ?
Description What is the impact of the incident ? Impact on customers as well.
Fault A Service that is unavailable or faulty.
Affected Products Which products will be affected ?


C. Communication Plan
Communication procedure is extremely important as soon as the incident response plan is executed. It can be done via email or through telephonic conversation. The email will be circulated to all the necessary parties either by the HR/Operations or by the team members depending on the incident. The notification or the email will include type of incident, impact, measures or actions taken post incident and current status of the incident. The communications/notifications will continue until the incident is resolved or taken care of.

Communication with Employees: HR/ Operations/Departmental Team of miniOrange will be responsible for informing all the employees of the miniOrange as soon as an incident is recorded and measures taken to tackle it.

This communication will be done preferably with the formal email or verbal communication if required.

Communication with customers: Customers will be informed by the departmental team members if required. Communication will be done through the formal email. Customers will be notified within 8 hrs of the incident or depending on the severity of the incident.


D. Incident Management
The response plan from miniOrange will be based on the severity and the impact of the incident. The Response Plan for Severity Events will be executed into the 4 Phases described below.

  • Phase 1: Immediate Action
    The ISMS Team will assess the situation based on the severity of the Incident as described above. For Highest Severity (Level 1 ) Business Continuity Plan will be executed. For Medium Severity (Level 2) Service Plan will be executed and Low Severity (Level 3) Generic Plan will be implemented.

  • Phase 2: Testing and Monitoring
    Based on the incident level the response team will monitor all the actions post incident and also make sure key people are informed about the incident and the measures taken.

  • Phase 3: Backup Execution and Post Incident Meeting
    Once all the initial communication has been made to all the departments and the employees, the response team needs to assess the situation and develop the follow-up action plan.

    The Follow Up Action Plan will include an assessment of whether the situation will last one hour, one day, one week or more than one week. Depending on this assessment, different strategies will be drawn up for maintaining business operations to meet the needs of different departments, services, and third parties to ensure the continuation of the business and minimal economic loss.

  • Phase 4: Ongoing Assessment of the Incident
    Response Team will convene in person or online and continually assess the timescale of the situation, keeping all the parties informed and providing for all the business-critical needs. Top Management will continue to meet regularly to keep re-assessing the situation, monitoring the incident response plan and communicating with key stakeholders(Staff, Employees, Top Management, Third Party) until the emergency is resolved or tackled appropriately.


Service Plan

miniOrange information processing is dependent on the Cloud Instances provided by Amazon Web Services. miniOrange uses complete AWS Infrastructure for hosting the applications and maintaining databases. To ensure the continuous operations backup services are automatically maintained by AWS in another Availability Zone. As per the Backup Policy, all the services can be reinitiated from the different zone of AWS.

All the miniOrange employees and clients are informed about the use and the dependency on the AWS.

Any incident at AWS can be tackled through the conventional method described by AWS in their Service Level Agreement. https://aws.amazon.com/compute/sla/

All the affected people will be informed about the status of the incident considering the status of the AWS.

Similarly, miniOrange uses Google Workspace for internal communication, Personal Data Storage Facility or as a communication channel.

Any incident at Google can lead to lack of communication within or outside the organization.

miniOrange uses the Telephonic channel in case the communication channel goes down.

Google offers their services under the following agreement - https://workspace.google.com/terms/sla.html

All the employees will be informed about the status of the incident considering the status of Google.


Generic Plan

Any incidents at AWS can impact miniOrange operations as well as all the business activities. miniOrange has assigned a role of Incident Manager with all the responsibilities and authority for the incident. The Incident Manager is empowered to take any action necessary to resolve the incident, which includes paging anyone in the organization and keeping those involved in an incident focused on restoring the service.

Responsibilities of Incident Manager

  • 1. Incident Manager communicates about the issues/incidents internally and externally or assigns someone to have this communication. So all the people inside or outside the organization must be aware of the impact of the incident and we are working on it.

  • 2. Incident Manager will form the team by bringing members from the other team and paging them into restoration of the services.

  • 3. The Incident Manager will now work with the team and resolve the issues and restore the services. Meanwhile, the Response Team will be providing the status of the incident frequently.

  • 4. As soon as the incident is resolved, the team does the cleanup tasks and reporting of the incident.


E. Incident Records and Reporting
The ISMS Team will also continue to assess the timescale of the situation, keeping all the parties informed and providing all the business critical needs. ISMS Team continue to meet regularly, keep re-assessing the situation, monitoring the incident response plan and communicating with key stakeholders (Employees, Top Management, Third Party) until the emergency is resolved or tackled appropriately.

The ISMS Team will generate the report of the incident in the pre-fixed format with incident details such as start-of-impact time, detection time, and end-of-impact time and the learnings from the incident. The Internal Report will have the recap of the incident, impact of the incident and will have the clear report that the incident has been resolved.

The external report will have services restored in case required by the customers.


F. Review of the Information Security Continuity
The ISMS Team will record and generate the reports of the incident. After every Incident, Incident Response plan will be reviewed to make sure that no such event occurs in the future. Risk Assessment will be conducted to monitor or assess the current setup and changes will be discussed in the review meeting as well as train the employees if required.


Contact List



Team Responsibility
hr@xecurify.com Communication Activities throughout the events.
operations@xecurify.com Take necessary actions for the normal business operations.
info@xeurify.com Implementation of Incident Response Plan