SEF-03: Incident Response Plans

PF v1.0 References:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: BCR-02: Business Continuity Testing.

Control Statement

Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted.

Implementation Guidance

Incident response plans should provide a roadmap for handling incidents involving the organization’s cloud services and the products and services upon which those services rely. These plans should apply whether those dependencies are internal (such as IT, operations, support, and legal) or external (suppliers, vendors, partners, customers, and other third parties).

Auditing Guidance

  1. Examine the policy for adequacy, approval, communication, and effectiveness as applicable to planning, delivery and support of the organization’s Security Incident Management, with respect to timely management.
  2. Examine the processes to identify impacted stakeholders.
  3. Determine if this plan meets stakeholder requirements.

[ Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.