The purpose of Incident Management within Resolver’s hosted platform is to ensure that security incidents are properly handled and managed.
The scope is limited to Resolver’s hosted platform’s customer-facing infrastructure and includes:
All departments that maintain or handle Confidential Information – either Customer Information or Internal Resolver Confidential Information, including Resolver’s Intellectual Property – have implemented the following processes:
If a data breach has occurred or is suspected, employees are instructed to notify their supervisor, the Manager of DevOps and the CISO. In the event that neither the Manager of DevOps nor the CISO is reachable, the VP Engineering and CEO are to be immediately notified.
Detection and Analysis
Mechanisms in place include:
Suspected security incidents have unique tickets created in Resolver’s ticketing system and are analyzed to verify/validate that a security incident has occurred, is occurring, or will occur. Ticket ownership remains with the DevOps team and includes classification, location, and likelihood.
The Incident Commander is responsible for internal communications. External customer communication is the responsibility of the Director of Customer Service.
Containment and Lockdown
Once a security incident has been validated, DevOps is responsible for coordinating the containment of the incident using whatever means are necessary to limit and contain customer impact.
Once a security incident has been contained, eradication is necessary to eliminate components of the incident, such as removing malicious code or disabling compromised user accounts. Changes to the environment follow the urgent change control process.
Review and Damage Assessment
The DevOps team and all involved will meet and review what went well and what can be improved in the handling of the security incident.
Questions to be addressed during the meeting will include:
Page was last updated: May 2016