Skip to main content
Incident Management
Updated over 2 months ago

Types of Incidents:

  • System failure or outage

  • Loss or theft

  • Data breach

  • System access

  • Ransomware

  • Social Engineering

  • Malware incidents

  • Unauthorized access

  • Accidental information disclosure

  • Any other security or incident related issues

Incident Reporting

Step 1: What do I do?

First stop what you're doing, do not take any further action that might make the incident worse. Immediately contact the relevant people, see below.

Step 2: Who do I contact?

  • If non-Howwe employee:

  • If Howwe employee:

    • Contact CPO or CTO on Slack and/or phone, then contact your manager.

Take note and describe the incident in detail. Create a log with what happened and when it happened.

Incident Response

First a clear owner must be assigned. Special responsibilities that go outside of the standard workflow will be communicated by the incident owner. It's of the outermost importance that a clear communication channel is made where important updates can be shared.

A root cause must be determined as quickly as possible in order to find a resolution path.

Incident details and log

A detailed log should be kept that includes, but not limited to, timings and descriptions of each step that was taken, what information was received or discovered, internal and external communications made etc. This is very important for the post-incident review (a.k.a., post mortem). Do not share Personally Identifiable Information (PII) in any of the communication channels or in the log.

Ownership

There can only be one owner of an incident and an incident can only be marked as resolved by the owner. Further the owner of an incident is also responsible for the post-incident review.

Incident communication

Communication during an incident is of outermost importance. Any important updates should be communicated in the appropriate Slack channels. Some types of incidents also require us to contact the company’s customers, most notably (but not limited to data breaches, system outages, unauthorized access and system failures. If given, the company would communicate via a predetermined communication channel (if provided to us by the customer) via the default contact person and/or in- app messages depending on the situation.

Post-Incident Review (a.k.a. Post-Mortem)

As mentioned, the incident owner is responsible for the coordination and sending out the post-incident review. The post-incident review should contain a timeline of events, a description of what actions that were taken with a brief explanation of why, and what steps were taken to avoid the same/similar issues in the future. The template are provided for employees in the company’s wiki.

Did this answer your question?