SEF: Security Incident Management, E-Discovery, & Cloud Forensics

Controls

SEF-02: Service Management Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually.

SEF-03: Incident Response Plans

Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted.

SEF-04: Incident Response Testing

Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness.

SEF-06: Event Triage Processes

Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events.

SEF-07: Security Breach Notification

Define and implement, processes, procedures and technical measures for security breach notifications. Report security breaches and assumed security breaches including any relevant supply chain breaches, as per applicable SLAs, laws and regulations.