Hoppa till huvudinnehåll
Alla samlingarSystemstatus & Driftsäkerhet
Incident Management
Incident Management
Uppdaterad för mer än 3 veckor sedan

1. Introduction

This policy outlines the process for managing and resolving incidents at Howwe Technologies AB. It ensures that incidents are addressed promptly and systematically, minimizing impact and safeguarding data and operations.

2. Types of Incidents

Incidents include, but are not limited to:

  • System Failures or Outages: Unavailability of critical systems or services.

  • Loss or Theft: Missing physical or digital assets.

  • Data Breaches: Unauthorized access, disclosure, or theft of sensitive data.

  • Unauthorized Access: Attempts to gain or successful access to systems without authorization.

  • Ransomware: Malicious encryption of files demanding payment.

  • Social Engineering: Phishing or other manipulative tactics targeting employees.

  • Malware Incidents: Infection by malicious software.

  • Accidental Information Disclosure: Unintended exposure of sensitive or confidential information.

  • Any Security-Related Issues: Any other incidents that compromise security or compliance.

3. Incident Reporting

Step 1: Stop and Contain

  • Cease any activities that might worsen the situation. Avoid trying to fix the issue before reporting it.

Step 2: Report the Incident

  • Non-Howwe Employees:

  • Howwe Employees:

    • Notify the Chief Product Officer (CPO) or Chief Technology Officer (CTO) via Slack or phone.

    • Inform your direct manager.

Step 3: Document the Incident

  • Take detailed notes, including:

    • What happened and when.

    • Any steps taken before reporting.

    • Observed impacts or signs of the incident.

4. Incident Response Process

Ownership

  • Each incident is assigned a single Incident Owner, responsible for managing the resolution and post-incident review.

  • The Incident Owner coordinates response efforts, assigns roles, and communicates updates.

Root Cause Analysis

  • The Incident Owner ensures a root cause is identified as quickly as possible to determine an appropriate resolution path.

Documentation

  • Maintain a detailed incident log, including:

    • Timings and descriptions of actions taken.

    • Information received or discovered.

    • Internal and external communications.

    • Avoid sharing Personally Identifiable Information (PII) in logs or communication channels.

Communication

  • Establish a dedicated communication channel (e.g., Slack) for incident updates.

  • For incidents affecting customers (e.g., data breaches or system outages):

    • Notify the default customer contact and/or send in-app messages, depending on the situation.

    • Use predetermined communication channels where applicable.

External Reporting Requirements

  • For services involving SSD-compliant clients, incidents with potential impact must be reported to the client within 24 hours of identification.

5. Post-Incident Review (Post-Mortem)

Responsibility

  • The Incident Owner is responsible for coordinating and delivering the post-incident review.

Contents

The post-incident review should include:

  1. Timeline of Events: Key actions and observations during the incident.

  2. Resolution Actions: What actions were taken to resolve the issue and why.

  3. Preventative Measures: Steps implemented to avoid recurrence of similar incidents.

6. Continuous Improvement

  • All incidents and post-incident reviews are logged for future reference.

  • Findings from incidents are incorporated into training programs and security measures to strengthen Howwe’s incident management processes.

7. Contact Information

For questions about this policy or to report an incident, contact:

This updated Incident Management Policy ensures a structured and transparent process for responding to incidents, reducing risks, and maintaining trust. For further details, refer to related policies in the company wiki.

8. Supporting links

1. General Data Protection Regulation (GDPR)

Outlines requirements for reporting and managing data breaches in the EU.

https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en

2. NIST Cybersecurity Framework

Guidelines on incident response and root cause analysis.

https://www.nist.gov/cyberframework

3. ISO/IEC 27035 – Incident Management

Detailed guidance on managing information security incidents.

https://www.iso.org/standard/44379.html

4. CERT Guide to Incident Response

Best practices and guidelines for handling and resolving security incidents.

https://us-cert.cisa.gov/incident-handling

5. ENISA Incident Reporting Guidelines

European Union Agency for Cybersecurity guidelines on incident reporting and response.

https://www.enisa.europa.eu/publications/guidelines-for-incident-reporting

Fick du svar på din fråga?