Incident Response

1. Introduction

This document outlines the procedures Speakable will follow in response to the discovery of a data breach or security incident. The goal of this incident response plan is to minimize the impact of security incidents on our organization and ensure a swift and coordinated response.

2. Discovery and Response to Incident

2.1. Reporting an Incident

If someone discovers an incident, they should immediately contact the Incident Response Team Lead via email at andrew@speakableapp.com, with hello@speakableapp.com cc’d with details of the incident such as:

  1. Name of the reporter
  2. Time and date of the report
  3. Contact information of the reporter
  4. Nature of the incident
  5. Equipment or persons involved
  6. Location of equipment or persons involved
  7. How the incident was detected
  8. When the event was first noticed

2.2. Incident Response Team Lead Responsibilities

Upon receiving a report of a security incident, the Incident Response Team Lead will take the following steps:

  1. The Incident Response Team Lead will log the following information: a. Name of the reporter b. Time and date of the report c. Contact information of the reporter d. Nature of the incident e. Equipment or persons involved f. Location of equipment or persons involved g. How the incident was detected h. When the event was first noticed
  2. The Incident Response Team Lead will determine the severity of the incident by considering: a. Is the equipment affected business-critical? b. What is the severity of the potential impact? c. Name of the system being targeted, along with the operating system (if applicable), IP address, and location. d. IP address and any information about the origin of the attack.

2.3. Incident Response

  1. The Incident Response Team Lead will contact the designated incident response team members via email and phone, ensuring that all appropriate personnel and managers are informed.
  2. The incident response team members will convene or communicate over the phone to assess the situation and determine the appropriate response strategy. Key considerations include: a. Is the incident real or perceived? b. Is the incident still in progress? c. What data or property is threatened, and how critical is it?

3. Response Plan Implementation

Once the incident response team has determined the appropriate response strategy, they will proceed with the necessary actions, which may include containment, eradication, recovery, and communication.

4. Communication

The Incident Response Team Lead, as the person responsible for coordinating all external and internal communications related to the incident, will handle notifications to affected parties, customers, regulatory authorities, and legal counsel as necessary.

5. Documentation and Reporting

Throughout the incident response process, all actions taken, decisions made, and communication logs will be documented by the incident response team members.

6. Post-Incident Review

After the incident is resolved, Speakable will conduct a post-incident review to assess the effectiveness of the response and identify areas for improvement in our incident response plan.

This incident response plan is subject to periodic review and updates to ensure its effectiveness in addressing security incidents. Speakable is committed to safeguarding our organization and customer data and responding swiftly to any security threats.