Incident Response Plan
Breakout Learning Inc.
Purpose
This security incident response policy establishes controls to detect security vulnerabilities and incidents and ensure quick reaction and response to security breaches. It provides implementing instructions for security incident response, including definitions, procedures, responsibilities, and performance measures (metrics and reporting mechanisms).
Scope
This policy applies to all users of information systems within Breakout Learning Inc., including employees, contractors, and external parties interacting with systems and information controlled by Breakout Learning Inc.
Background
Breakout Learning Inc.’s Information Security Program focuses on detecting information security vulnerabilities and responding rapidly to any incidents or breaches. The organization is committed to protecting employees, customers, and partners by containing, investigating, resolving, and communicating information related to any breach.
Roles and Responsibilities
- Chief Information Security Officer (CISO):
Responsible for the implementation, maintenance, and effectiveness of the Incident Response Plan.
Policy
- All users must report any system vulnerability, incident, or event pointing to a possible security incident within 24 hours via email at support@breakoutlearning.com or by filling out the Report a security vulnerability or incident form under Technical Support.
- Incidents are tracked through the Jira Service Management portal to monitor status and follow-ups.
- Users who report incidents can track the status of their reports via the portal at https://breakoutlearning.atlassian.net/servicedesk/customer/portals.
- All information security incidents are handled using the incident management procedures defined in this policy.
Periodic Evaluation:
The Incident Response Plan is periodically reviewed for effectiveness, and employees are trained on incident reporting procedures. Annual tests are conducted to validate the plan.
Follow-up Tracking Mechanism
Breakout Learning Inc. uses the Jira Service Management portal to track the status and resolution of all reported incidents. This system tracks:
- The status of the incident (open, in progress, closed).
- The timeline of incident handling, including the time taken for resolution.
- Post-incident actions, including root cause analysis and preventative measures.
- Users can track the progress of their reported incidents via https://breakoutlearning.atlassian.net/servicedesk/customer/portals.
Reporting Incidents
The following events must be reported as information security incidents:
- Breaches of information integrity, confidentiality, or availability.
- Uncontrolled system changes or software/hardware malfunctions.
- Access violations or system behavior anomalies indicating a security attack or breach.
For cloud service customers, mechanisms are in place to ensure that incidents can be reported and tracked by both Breakout Learning Inc. and the cloud service provider.
Incident Response Procedures
When an information security incident is identified:
- Report Incident:
Users must notify their immediate manager within 24 hours. The manager will notify the CISO through the Jira Service Management portal or via the Report a security vulnerability or incident form under Technical Support.
- Preliminary Investigation:
Within 48 hours, the ISM will assess the incident, determine its severity, and initiate the appropriate response based on its severity (high, medium, low).
- Preserve Evidence:
All evidence (e.g., logs, files, screen captures) is preserved for further investigation and potential use in legal proceedings.
- Resolve Incident:
The ISM oversees the resolution of the incident, restoring systems and ensuring updated security measures are in place.
- Post-Mortem:
A post-incident analysis is conducted to determine the root cause and implement preventative measures.
Post-Incident Activities
- Incident Documentation:
All incidents are documented in detail within the Jira Service Management portal, including severity level, root cause, evidence, mitigation actions, and any disclosures to external parties.
- Communications Plan:
For high- or medium-severity incidents, the ISM works with senior leadership to develop and execute a communications plan to inform affected users, customers, and the public, as necessary.
APPENDIX A: Security Incident Report Template
| Field | Details |
| --- | --- |
| Reported by | [Name, Contact Information] |
| Organization Details | [Type, Address, Affected Entities] |
| Incident Date & Time | [Date, Time] |
| Brief Summary of Incident | [Description of Incident] |
| Systems Affected | [Details of Affected Systems] |
| Action Taken | [Steps for Mitigation and Remediation] |
| Root Cause Analysis | [Findings and Future Prevention] |
Revision History
| Version | Date | Editor | Approver | Description of Changes |
| --- | --- | --- | --- | --- |
| 1.1 | 2024/10/01 | Nikita Rogatnev | Joshua Oster-Morris | Standardized role titles across all relevant policies, replacing previous variations |
| 1.0 | 2024/01/01 | Joshua Oster-Morris | Jake Shepherd | Initial version |