Documentation
HECVAT Full v3.0.6
Incident Handling
HFIH-02

Question HFIH-02

Do you either have an internal incident response team or retain an external team?

Weight: 15
High Risk: No
Required: Yes
Compliant Answer: Yes

Standard Guidance

EDUCAUSE provides no guidance here.

Answering "NO"

Describe your timeline for implementing such a process for response and reporting.

Answering "YES"

Summarize your incident response and reporting processes.

Reason for Question

The vendor's ability to investigate security incidents is of the utmost importance. Reviewing alerts but then taking no action is not security, only compliance. Incident reports and indications of compromise must be reviewed by qualified staff, and those staff must have the capability to investigate further as needed.

Follow-Up Inquiries

If the vendor does not have an incident response plan, direct them to the NIST Computer Security Incident Handling Guide at https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
