Question HLIH-01
Do you have a formal incident response plan?
Weight | 40 |
High Risk | Yes |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State plans to formalize an incident response plan.
Answering "YES"
Summarize or provide a link to your formal incident response plan.
Reason for Question
The ability for the vendor to respond effectively (and quickly) to a security incident is of the utmost importance. The size of a vendor's security office will determine their capabilities during a security incident, but the incident response plan will oftentimes determine their effectiveness. Use the knowledge of this response when evaluating other vendor statements, particularly when discussing degraded operation states.
Follow-Up Inquiries
If the vendor does not have an incident response plan, direct them to the NIST Computer Security Incident Handling Guide at https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final (opens in a new tab)
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]