A comprehensive and suitable data security incident response plan and a trained incident response team are fundamental parts of an enterprise risk management program.
A data security incident response plan (an “IRP”) is a written plan, comprised of instructions, procedures, protocols and guidelines, designed to enable an organization to respond to, and recover from, various kinds of data security incidents in a way that minimizes resulting harm, reduces recovery time and costs and allows the organization to benefit from lessons learned.
A testing, training and exercise program (“TTX”) helps ensure that the organization’s IRP is up-to-date and the organization’s personnel and information technology systems are in a state of readiness, so that the organization is able to respond to data security incidents in a timely, effective and lawful manner.
In many circumstances, an organization may be under a legal obligation — imposed by statute, contract or generally applicable common law or civil law — to have a suitable IRP and an appropriate TTX. Failure to comply with those legal obligations may expose an organization and its directors and officers to potentially significant financial liability and other adverse consequences.
Read more here.