
Incident Response Policy and SLA template

Incident Response Policy

Purpose

The purpose of this Incident Response Policy is to establish a framework for detecting, responding to, and managing information security incidents effectively. This policy ensures that BTIT can protect its managed application services, minimize the impact of incidents, and maintain compliance with regulatory requirements.

Scope

This policy applies to all employees, contractors, and third-party vendors involved in the management and support of BTIT Managed Application Services.

Policy Statements

1. Incident Detection and Reporting

1.1 Monitoring

  • Implement continuous monitoring tools and processes to detect potential security incidents.

  • Utilize automated systems and manual reviews to identify unusual activities or breaches.

1.2 Reporting

  • Define clear procedures for reporting suspected or confirmed incidents.

  • Specify a point of contact and communication channel for internal and external reporting.

  • Ensure all employees are aware of the reporting procedures through regular training and awareness programs.

2. Incident Response Process

2.1 Incident Classification

  • Classify incidents based on severity and impact, such as low, medium, high, and critical.

  • Define criteria for each classification level to ensure consistent and accurate assessment.

2.2 Response Plan

  • Develop and maintain a formal incident response plan that outlines steps for detecting, analyzing, containing, eradicating, and recovering from incidents.

  • Ensure the response plan includes roles and responsibilities for all involved parties.

  • Provide a copy of the response plan to clients upon request.

2.3 Communication

  • Notify affected customers promptly when an incident that may impact the security of their information or interconnected systems is detected or reported.

  • Maintain regular communication with affected customers throughout the incident response process.

3. Incident Investigation and Resolution

3.1 Evidence Collection

  • Collect and preserve evidence related to the incident, such as time-stamped audit logs and forensic snapshots of virtual machines.

  • Provide customers with access to relevant evidence to enable their investigation.

3.2 Regulatory Cooperation

  • Provide sufficient information to enable customers to cooperate effectively with regulatory bodies, such as the Privacy Commissioner or the Payment Card Industry Security Standards Council (PCI SSC).

3.3 Data and Service Recovery

  • Define the responsibilities for data and service recovery after an incident has occurred.

  • Ensure that recovery procedures are aligned with the customer’s requirements and expectations.

4. Post-Incident Review

4.1 Post-Incident Reporting

  • Share post-incident reports with affected customers to enable them to understand the cause of the incident and make informed decisions about continuing to use the cloud service.

  • Include details on the incident, response actions, and measures taken to prevent recurrence.

4.2 Lessons Learned

  • Conduct a thorough review of each incident to identify lessons learned.

  • Update the incident response plan and processes based on insights gained from the review.

5. Training and Testing

5.1 Staff Training

  • Provide regular training to staff on incident response and management processes to ensure they respond effectively and efficiently to incidents.

  • Ensure training programs are updated regularly to reflect new threats and best practices.

5.2 Regular Testing

  • Test and refine the incident response plan regularly to ensure its effectiveness.

  • Engage customers in testing exercises to validate the plan and ensure alignment with their expectations.

6. Compliance and Integration

6.1 Policy Alignment

  • Ensure that incident response and management procedures map to or fit with the internal policies and procedures of customers.

  • Avoid any actions that might hinder or delay the customer’s ability to manage incidents effectively.

6.2 Insurance, Liability, and Indemnity

  • Specify in the contract the limits and provisions for insurance, liability, and indemnity for information security incidents.

  • Ensure customers review liability and indemnity clauses for any exclusions.

Review and Updates

This Incident Response Policy must be reviewed annually or whenever significant changes occur. Updates to the policy will be communicated to all relevant stakeholders.



Service Level Agreement (SLA) Template

1. Introduction

This Service Level Agreement (SLA) outlines the commitments, responsibilities, and performance standards for the delivery of BTIT Managed Application Services.

2. Service Commitments

2.1 Availability

  • BTIT guarantees a minimum uptime of 99.9% for managed application services.

  • Maintenance windows will be communicated in advance and scheduled during off-peak hours to minimize disruption.

2.2 Incident Response

  • BTIT will respond to critical incidents within 1 hour of detection.

  • Incident resolution will be prioritized based on the severity and impact of the incident.

3. Incident Management

3.1 Detection and Notification

  • BTIT will monitor services continuously for potential security incidents.

  • Customers will be notified promptly if an incident that may affect the security of their information or interconnected systems is detected.

3.2 Reporting Channels

  • Customers can report suspected information security incidents through designated communication channels, including email and phone.

  • BTIT will provide a specific point of contact for incident reporting.

3.3 Roles and Responsibilities

  • Define the roles and responsibilities of BTIT and the customer during an information security incident.

  • BTIT will manage the initial response, investigation, and resolution of the incident.

3.4 Evidence Access

  • BTIT will provide customers with access to relevant evidence, such as time-stamped audit logs and forensic snapshots, to enable their investigation of the incident.

3.5 Regulatory Cooperation

  • BTIT will provide sufficient information to enable customers to cooperate effectively with regulatory bodies.

3.6 Data and Service Recovery

  • BTIT will define which party is responsible for the recovery of data and services after an incident.

3.7 Post-Incident Reporting

  • BTIT will share post-incident reports with affected customers, detailing the cause of the incident and actions taken.

3.8 Insurance, Liability, and Indemnity

  • The contract will specify limits and provisions for insurance, liability, and indemnity for information security incidents.

4. Performance Metrics

4.1 Response Time

  • BTIT will respond to support requests within the following timeframes:

    • Critical issues: 1 hour

    • High-priority issues: 4 hours

    • Medium-priority issues: 24 hours

    • Low-priority issues: 48 hours

4.2 Resolution Time

  • Target resolution times will be based on the severity of the issue and the impact on customer operations.

5. Customer Responsibilities

5.1 Accurate Information

  • Customers must provide accurate and complete information when reporting incidents.

  • Customers are responsible for maintaining the security of their own systems and networks.

5.2 Cooperation

  • Customers must cooperate with BTIT during incident investigations and resolution processes.

6. Review and Amendments

  • This SLA will be reviewed annually or whenever significant changes occur.

  • Any amendments to the SLA will be communicated to customers in advance.

By adhering to this SLA, BTIT ensures the highest standards of service availability, incident response, and customer support for its managed application services.