CYBER & DATA RISK

Breach Response Planner


INTRODUCTION

European data protection regulators recommend that organisations which handle personal data should have a breach response plan in place. Failure to have a plan in place could mean that the organisation is ill-prepared to respond to data security breaches and to comply with legal reporting requirements. A breach response plan will therefore help avoid financial sanctions, data subject claims and reputational damage.

Aimed at risk managers, legal counsel, data protection and security professionals, the DAC Beachcroft Breach Response Planner provides a step-by-step guide to building a practical plan for managing data breaches and other cyber incidents. The planner includes helpful tips and default content that can be easily customised. Your plan is easily and securely accessed at any time, from anywhere, on any device. It connects all your key stakeholders and empowers them to adopt a best-practice breach response.

KEY OBJECTIVES FOR HAVING A RESPONSE PLAN

The DAC Beachcroft Breach Response Planner will help your organisation:

O Draft a bespoke breach response plan;

O Comply with regulatory guidance;

O Centrally manage your internal and external response teams;

O Maintain an external repository of key stakeholder contact details;

O Identify escalation methods and reporting lines; and

O Set review and testing controls.

Contact us

For more information or to schedule a demonstration of the DAC Beachcroft Breach Response Planner, please contact:

+44 (0) 207 894 6088 [email protected]

The DAC Beachcroft Breach Response Planner is Software as a Service (SaaS) and is available on an annual subscription basis.


5 STEP APPROACH

The Breach Response Planner consists of five steps which will ensure that your plan is tailored to your organisation.

[Figure: the five steps shown as a cycle. Step 1 Identify Team; Step 2 Engage Experts; Step 3 Establish Protocols; Step 4 Define Procedures; Step 5 Define Upkeep Frequency.]

1 Internal Breach Team

Here you can detail the key individuals who form the internal breach response team, their contact details and, in the case of the most important roles, their responsibilities. Examples of the type of people/teams you would typically see in this category are the Internal Breach Manager, Deputy Breach Manager, Executive Management, Head of HR, Head of PR/Media, Head of IT and the Legal and Risk teams. The portal allows you to enter as many categories and people as you see fit.

Depending on the severity of the breach, the plan provides for an escalating scale from Bronze, through Silver, to Gold, building the internal breach response team with greater resource and seniority in the organisation.

[Figure: sample contact cards from the planner. Internal Response Team (IRT) roles shown: Breach Incident Manager, Human Resources, Compliance / Risk Management, Information Security. External Response Team (ERT) roles shown: Affected individuals notifications & call centre, External legal advisor (DAC Beachcroft LLP), PR Adviser. Each card lists a name, e-mail address and phone number.]

2 External Breach Response Teams

Here you detail the key people who form the external breach response teams, their contact details and, in the case of the most important roles, their responsibilities. The type of experts you would see in this grouping would be, for example, IT Forensic Investigators, Affected Individual Notification & Call Centre, Insurer or Broker, Credit/ID Monitoring, the firm’s Breach Coach, PR and, finally, your external Legal Advisor.

3 Establish Protocols

These are your “rules of the road” that will apply when responding to a breach. For example, your key objectives, frameworks for classifying the severity of an incident and guidelines for internal and external communications during a breach.

[Screenshot: the Step 3 page of the planner, which reads as follows.]

Step 3: Establish Protocols

Protocols help set the ‘rules of the road’ that will be adopted when responding to incidents and data breaches. They should include the methods of communications your team will use in response to incidents, as well as key definitions and meanings so your team is talking the same language.

3.1 Response Objectives

• Specify the frequency with which your organisation will review and update its Breach Response Plan.

• Detect, identify, control and resolve security incidents and personal data breaches and document the same.

• Mitigate financial loss caused by security incidents and personal data breaches.

• Mitigate logistical damage to systems and networks.

• Mitigate impact on individuals (customers/clients, employees, members of the public).

• Mitigate any legal and regulatory exposure.

• Establish that there are reasonable protections in place to safeguard personal and financial data.

• Evaluate and improve pre-breach preparedness.

Sections of Step 3 in the planner:

3.1 RESPONSE OBJECTIVES

3.2 KEY DEFINITIONS

3.3 INCIDENT SEVERITY CLASSIFICATIONS

3.4 RESPONSE TEAM GROUPS

3.5 INTERNAL COMMUNICATIONS REGARDING INCIDENTS

3.6 EXTERNAL COMMUNICATIONS REGARDING INCIDENTS

4 Define The Firm’s Procedures

The plan itself. This consists of four stages:

O Detection of breach;

O Triage and containment;

O Assessment; and

O Notification and evaluation.

5 Define Upkeep Frequency

Step 5 sets out the frequency for the plan to be tested and reviewed. These regularly scheduled review and test meetings should be carried out by senior management.


ADDITIONAL BENEFITS

Real time management

Changes made to your plan are made instantaneously. As well as automatically updating, the plan will notify anyone who is added as a member of the internal or external response teams.

The Internal Breach Manager, the Deputy Internal Breach Manager and all members of the Executive Management team have the permissions to manage the rotation of teams. They can reassign roles, add new categories and amend the firm’s protocols and procedures, as well as provide and remove access. They can also add external response teams – experts who will support the firm in the event of an incident.

There is no limit to the number of people and categories you can have within both the internal and external response teams.

Accessible on the go

As the Breach Response Plan is hosted on an external server, your plan will always be accessible, even in the event of a cyber incident. Your plan can be accessed at any time, from anywhere, on any device.

Useful documents

There are a number of useful documents you can download, including:

O Breach Response Checklist: A checklist that details the 5 stages a firm should go through in the event of a breach.

O Breach Severity Matrix: A guide to assessing and categorising a breach. You can tailor the factors and scoring depending on your own requirements and the types of incidents and breaches that your organisation expects to deal with.

O Breach Incident Log: Completing the Breach Incident Log will assist with GDPR compliance and provide a record of the breach for internal and external audit.

O GDPR Personal Data Breach Notification Guidance: Guidance on the thresholds for reporting personal data breaches under the GDPR.

O Breach case studies: Breach scenarios to help your organisation practise its breach response plan.