1. Introduction
This policy outlines the process for managing and resolving incidents at Howwe Technologies AB. It ensures that incidents are addressed promptly and systematically, minimizing impact and safeguarding data and operations.
2. Types of Incidents
Incidents include, but are not limited to:
System Failures or Outages: Unavailability of critical systems or services.
Loss or Theft: Missing physical or digital assets.
Data Breaches: Unauthorized access, disclosure, or theft of sensitive data.
Unauthorized Access: Attempted or successful access to systems without authorization.
Ransomware: Malicious encryption of files accompanied by a demand for payment.
Social Engineering: Phishing or other manipulative tactics targeting employees.
Malware Incidents: Infection by malicious software.
Accidental Information Disclosure: Unintended exposure of sensitive or confidential information.
Any Security-Related Issues: Any other incidents that compromise security or compliance.
3. Incident Reporting
Step 1: Stop and Contain
Cease any activities that might worsen the situation. Avoid trying to fix the issue before reporting it.
Step 2: Report the Incident
Non-Howwe Employees:
Send an email to [email protected] and notify your Howwe customer contact.
Howwe Employees:
Notify the Chief Product Officer (CPO) or Chief Technology Officer (CTO) via Slack or phone.
Inform your direct manager.
Step 3: Document the Incident
Take detailed notes, including:
What happened and when.
Any steps taken before reporting.
Observed impacts or signs of the incident.
4. Incident Response Process
Ownership
Each incident is assigned a single Incident Owner, responsible for managing the resolution and post-incident review.
The Incident Owner coordinates response efforts, assigns roles, and communicates updates.
Root Cause Analysis
The Incident Owner ensures a root cause is identified as quickly as possible to determine an appropriate resolution path.
Documentation
Maintain a detailed incident log, including:
Timings and descriptions of actions taken.
Information received or discovered.
Internal and external communications.
Avoid sharing Personally Identifiable Information (PII) in logs or communication channels.
Communication
Establish a dedicated communication channel (e.g., Slack) for incident updates.
For incidents affecting customers (e.g., data breaches or system outages):
Notify the default customer contact and/or send in-app messages, depending on the situation.
Use predetermined communication channels where applicable.
External Reporting Requirements
For services involving SSD-compliant clients, incidents with potential impact must be reported to the client within 24 hours of identification.
5. Post-Incident Review (Post-Mortem)
Responsibility
The Incident Owner is responsible for coordinating and delivering the post-incident review.
Contents
The post-incident review should include:
Timeline of Events: Key actions and observations during the incident.
Resolution Actions: What actions were taken to resolve the issue and why.
Preventative Measures: Steps implemented to avoid recurrence of similar incidents.
6. Continuous Improvement
All incidents and post-incident reviews are logged for future reference.
Findings from incidents are incorporated into training programs and security measures to strengthen Howwe’s incident management processes.
7. Contact Information
For questions about this policy or to report an incident, contact:
Email: [email protected]
This updated Incident Management Policy ensures a structured and transparent process for responding to incidents, reducing risks, and maintaining trust. For further details, refer to related policies in the company wiki.
8. Supporting Links
1. General Data Protection Regulation (GDPR)
Outlines requirements for reporting and managing data breaches in the EU.
2. NIST Cybersecurity Framework
Guidelines on incident response and root cause analysis.
3. ISO/IEC 27035 – Incident Management
Detailed guidance on managing information security incidents.
4. CERT Guide to Incident Response
Best practices and guidelines for handling and resolving security incidents.
5. ENISA Incident Reporting Guidelines
European Union Agency for Cybersecurity guidelines on incident reporting and response.