CYBER & DATA RISK
Breach Response Planner
02 DAC BEACHCROFT Breach Response Planner
INTRODUCTION
European data protection regulators recommend that organisations which handle personal data should have a breach response plan in place. Failure to have a plan in place could mean that the organisation is ill-prepared to respond to data security breaches and to comply with legal reporting requirements. A breach response plan will therefore help avoid financial sanctions, data subject claims and reputational damage.
Aimed at risk managers, legal counsel, data protection and security professionals, the DAC Beachcroft Breach Response Planner provides a step-by-step guide to building a practical plan for managing data breaches and other cyber incidents. The planner includes helpful tips and default content that can be easily customised. Your plan is easily and securely accessed at any time, from anywhere, on any device. It connects all your key stakeholders and empowers them to adopt a best-practice breach response.
KEY OBJECTIVES FOR HAVING A RESPONSE PLAN
The DAC Beachcroft Breach Response Planner will help your organisation:
O Draft a bespoke breach response plan;
O Comply with regulatory guidance;
O Centrally manage your internal and external response teams;
O Maintain an external repository of key stakeholder contact details;
O Identify escalation methods and reporting lines; and
O Set review and testing controls.
Contact us
For more information or to schedule a demonstration of the DAC Beachcroft Breach Response Planner, please contact:
+44 (0) 207 894 6088 [email protected]
The DAC Beachcroft Breach Response Planner is Software As A Service (SaaS) and is available on an annual subscription basis.
5 STEP APPROACH
The Breach Response Planner consists of five steps which will ensure that your plan is tailored to your organisation.
1 Internal Breach Team
Here you can detail the key individuals who form the internal breach response team, their contact details and, in the case of the most important roles, their responsibilities. Examples of the type of people/teams you would typically see in this category are the Internal Breach Manager, Deputy Breach Manager, Executive Management, Head of HR, Head of PR/Media, Head of IT and the Legal and Risk teams. The portal allows you to enter as many categories and people as you see fit.
Depending on the severity of the breach, the plan provides for an escalating scale from Bronze to Silver to Gold, building the internal breach response team with greater resource and seniority in the organisation.
[Portal screenshot: Internal Response Team (IRT) and External Response Team (ERT) contact lists, with example categories such as Breach Incident Manager, Human Resources, Compliance / Risk Management, Information Security, Affected individuals notifications & call centre, External legal advisor and PR Adviser, each showing a sample name, email address and phone number]
2 External Breach Response Teams
Here you detail the key people who form the external breach response teams, their contact details and, in the case of the most important roles, their responsibilities. The type of experts you would see in this grouping include, for example: IT Forensic Investigators, Affected Individual Notification & Call Centre, Insurer or Broker, Credit/ID Monitoring, the firm’s Breach Coach, PR and, finally, your external Legal Advisor.
3 Establish Protocols
These are your “rules of the road” that will apply when responding to a breach. For example, your key objectives, frameworks for classifying the severity of an incident and guidelines for internal and external communications during a breach.
[Portal screenshot: Step 3 Establish Protocols]
Step 3: Establish Protocols
Protocols help set the ‘rules of the road’ that will be adopted when responding to incidents and data breaches. They should include the methods of communication your team will use in response to incidents, as well as key definitions and meanings so your team is talking the same language.
3.1 Response Objectives
• Specify the frequency with which your organisation will review and update its Breach Response Plan.
• Detect, identify, control and resolve security incidents and personal data breaches, and document the same.
• Mitigate financial loss caused by security incidents and personal data breaches.
• Mitigate logistical damage to systems and networks.
• Mitigate impact on individuals (customers/clients, employees, members of the public).
• Mitigate any legal and regulatory exposure.
• Establish there are reasonable protections in place to safeguard personal and financial data.
• Evaluate and improve pre-breach preparedness.
Protocol sections in the portal:
3.1 RESPONSE OBJECTIVES
3.2 KEY DEFINITIONS
3.3 INCIDENT SEVERITY CLASSIFICATIONS
3.4 RESPONSE TEAM GROUPS
3.5 INTERNAL COMMUNICATIONS REGARDING INCIDENTS
3.6 EXTERNAL COMMUNICATIONS REGARDING INCIDENTS
[Diagram: the five steps: Step 1 Identify Team, Step 2 Engage Experts, Step 3 Establish Protocols, Step 4 Define Procedures, Step 5 Define Upkeep Frequency]
4 Define The Firm’s Procedures
The plan itself. This consists of four stages:
O Detection of breach;
O Triage and containment;
O Assessment; and
O Notification and evaluation.
5 Define Upkeep Frequency
Step 5 sets out the frequency for the plan to be tested and reviewed. These regularly scheduled review and test meetings should be carried out by senior management.
ADDITIONAL BENEFITS
Useful documents
There are a number of useful documents you can download, including:
O Breach Response Checklist: A checklist that details the 5 stages a firm should go through in the event of a breach.
O Breach Severity Matrix: A guide to assessing and categorising a breach. You can tailor the factors and scoring, depending on your own requirements and the types of incidents and breaches that your organisation expects to deal with.
O Breach Incident Log: Completing the Breach Incident Log will assist with GDPR compliance and provide a record of the breach for internal and external audit.
O GDPR Personal Data Breach Notification Guidance: Guidance on the thresholds for reporting personal data breaches under the GDPR.
O Breach case studies: Breach scenarios to help your organisation practise its breach response plan.
Accessible on the go
As the Breach Response Plan is hosted on an external server, your plan will always be accessible, even in the event of a cyber incident. Your plan can be accessed at any time, from anywhere, on any device.
Real time management
Changes made to your plan take effect instantaneously. As well as updating automatically, the plan will notify anyone who is added as a member of the internal or external response teams.
The Internal Breach Manager, the Deputy Internal Breach Manager and all members of the Executive Management team have the permissions to manage the rotation of teams. They can reassign roles, add new categories and amend the firm’s protocols and procedures, as well as grant and remove access. They can also add external response teams: experts who will support the firm in the event of an incident.
There is no limit to the number of people and categories you can have within both the internal and external response teams.