diff --git a/source/standards/incident-management.html.md.erb b/source/standards/incident-management.html.md.erb index e76a2978..7b145301 100644 --- a/source/standards/incident-management.html.md.erb +++ b/source/standards/incident-management.html.md.erb @@ -1,6 +1,6 @@ --- title: How to manage technical incidents -last_reviewed_on: 2023-04-26 +last_reviewed_on: 2023-11-20 review_in: 6 months --- @@ -8,9 +8,11 @@ review_in: 6 months GDS incident management focuses on restoring normal operations quickly with minimal impact on users. +Technical incidents may also be cyber security or data loss incidents. You must report all suspected or actual cyber security incidents to the COD Cyber Security team and to the GDS Information Security team. You must report all actual or suspected data breach incidents to the GDS Information Management team. These requirements should be included in your service manual/guides/processes. Check the GDS Wiki for current contact details. + ## Define incident priority -Define incident priority levels for your service’s applications. For example potential incidents include: +Define technical incident priority levels for your service’s applications. For example potential incidents include: - system access problems - wider technical failures with possible reputational impact to GDS 
@@ -56,7 +58,7 @@ Establish who your incident lead is. Find out who noticed the problem and if any #### 2. Inform your team -Inform your team using your chosen tool, like [Slack](https://gds.slack.com). If the incident involves a data or security breach, notify the Cyber Security team who’ll help you manage the incident. Contact them using the [#cyber-security-help Slack channel](https://gds.slack.com/messages/CCMPJKFDK/). +Inform your team using your chosen tool, like [Slack](https://gds.slack.com). If the incident involves a data or security breach, notify the relevant team(s) who’ll help you manage the incident. You can use the [#cyber-security-help Slack channel](https://gds.slack.com/messages/CCMPJKFDK/) to contact COD Cyber. #### 3. Prioritise the incident @@ -141,7 +143,7 @@ Notify escalation contacts of all high priority incidents (P1/P2). [Support Oper **Report cyber security incidents** -The incident lead must inform the National Cyber Security Centre (NCSC) of any category 1, 2 or 3 incidents. The NCSC defines security incidents in its [categorisation system prioritisation framework](https://www.ncsc.gov.uk/news/new-cyber-attack-categorisation-system-improve-uk-response-incidents). +The incident lead, guided by the Information Security team, must inform the National Cyber Security Centre (NCSC) of any category 1, 2 or 3 incidents. The NCSC defines security incidents in its [categorisation system prioritisation framework](https://www.ncsc.gov.uk/news/new-cyber-attack-categorisation-system-improve-uk-response-incidents). Depending on the incident, the NCSC may be able to provide technical support.
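Review bot: In the `@@ -8,9 +8,11 @@` hunk, the added paragraph packs three reporting destinations (COD Cyber Security, GDS Information Security, GDS Information Management) into one long line, never expands "COD", and sends readers to the GDS Wiki without a link. Suggest splitting it into a short list with one line per incident type and team, expanding the acronym on first use, and linking the wiki page directly. The sentence "These requirements should be included in your service manual/guides/processes" also sits beside two "must" statements: say whether it is mandatory and which document it belongs in.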
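Review bot: In the `@@ -56,7 +58,7 @@` hunk, "notify the relevant team(s)" replaces a named team with wording that leaves the reader to work out who to contact in the middle of an incident, and the only route given is the Slack channel for COD Cyber. Suggest naming the teams as the paragraph added in the `@@ -8,9 +8,11 @@` hunk does (COD Cyber Security and GDS Information Security for security incidents, GDS Information Management for data breaches) and giving a contact route for each, or pointing to where those routes are listed. "COD Cyber" is also inconsistent with "COD Cyber Security team" used earlier in this patch.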
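Review bot: In the `@@ -141,7 +143,7 @@` hunk, "guided by the Information Security team" does not say how the incident lead reaches that team or whether the NCSC report waits on their guidance. Suggest stating the contact route in this step and making clear whether the lead reports to the NCSC directly once guidance is given. The team name should also match the "GDS Information Security team" wording used in the `@@ -8,9 +8,11 @@` hunk.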