Question HLIH-02
Do you have an incident response process and reporting in place to investigate any potential incidents and report actual incidents?
Weight | 15 |
High Risk | No |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe your timeline for implementing such a process for response and reporting.
Answering "YES"
Summarize your incident response and reporting processes.
Reason for Question
The ability for the vendor to investigate security incidents is of the utmost importance. Reviewing alerts but then taking no action is not security, only compliance. Incident reports and indications of compromise must be reviewed by qualified staff, and they must have the capability to investigate further, as needed.
Follow-Up Inquiries
If the vendor does not have an incident response plan, direct them to the NIST Computer Security Incident Handling Guide at https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final (opens in a new tab)
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]