Versions Compared

Old Version 14

changes.mady.by.user Sezer Bozkurt

Saved on

compared with

New Version 15

changes.mady.by.user Chemwatch IT

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Incident SeverityLevelsCharacteristics (one or more condition present determines the severity)Response TimeIncident ManagerRisk ControlsWho to NotifyPost-Incident Report Required*
High5,4
  1. Threatens to have a significant adverse impact on a large number of systems and/or people (for example, the entire company is affected)
  2. Threatens confidential data 
  3. Adversely impacts our enterprise system or service critical to our operations.
2 hours since identificationOne of 3 Senior I.T. managers
  1. Restrict access to the system and data until resolved.
  1. Other I.T. staff
  2. Customer Service
  3. Technical support/helpdesk staff
  4. All department heads
Yes
Medium3,2
  1. Adversely impacts a moderate number of systems and/or people.
  2. Adversely impacts a non-critical enterprise system or service
  3. Adversely impacts a departmental system or service, such as a file server
  4. Disrupts a building network
4 hoursOne of 3 Senior I.T. managers
  1. Consider restricting access to the system and data until resolved.
  1. Other I.T. staff
  2. Customer Service
  3. Technical support/helpdesk staff
  4. All department heads
Yes
Low1
  1. Adversely impacts a very small number of systems or individuals
  2. Disrupts a very small number of network devices or segments
Next
business day		One of 3 Senior I.T. managersNone
  1. Affected individuals
No
N/A"Not Applicable" - used for suspicious activities which upon investigation are determined not to be an IT security incident.


All security incidents/data breaches, High Medium and Low, will be logged in our Planfix system for monitoring.  We have created a dedicated task and pipeline to keep track of incidents as seen in the below screen shot.  All IT team members, and our CTO will be notified when a data breach task is created in Planfix and will be able to follow the progress of the incident through the various stages of this pipeline which is modeled on the notifiable data breaches scheme summary diagram.