Incident Response Plan (IRP) Fifty Five and Five

Last Updated: 15th August 2023

1. Introduction

The purpose of this Incident Response Plan (IRP) is to provide a standardised approach for addressing and managing security incidents affecting Fifty Five and Five Ltd. An incident may range from a minor issue affecting a single system to a major breach with organisation-wide implications.

2. Scope

This IRP covers incidents related to all digital assets, systems, and data controlled or processed by Fifty Five and Five Ltd, regardless of where they reside.

3. Incident Definition

An incident is defined as any event that can compromise the confidentiality, integrity, or availability of our systems or data.

4. Roles and Responsibilities

Incident Response Team (IRT): Responsible for managing and mitigating the incident.
Management Team: Responsible for providing guidance and support to the IRT, and communicating with stakeholders.
Employees: Required to report any perceived incidents or vulnerabilities to the IRT.

5. Reporting an Incident

Any suspected incident should be reported immediately to the Incident Response Team at chris.wright@fiftyfiveandfive.com & caitlin.shorricks@fiftyfiveandfive.com

6. Response Procedure

1. Identification:

  • Recognise and acknowledge the incident.
  • Document initial details: who reported it, when, how, potential data/systems affected.

2. Containment:

  • Short-term: Isolate affected systems to prevent further compromise.
  • Long-term: Determine and implement measures to prevent incident recurrence.

3. Eradication:

  • Find the root cause of the incident.
  • Remove affected components from the environment.

4. Recovery:

  • Validate system functionality.
  • Monitor for signs of weaknesses that could be exploited again.
  • Restore and validate system data from backup.

5. Lessons Learned:

  • Conduct a retrospective of the incident.
  • Document findings, actions taken, and potential areas of improvement.
  • Update policies and procedures as necessary.

 

7. Communication

In the event of an incident, timely and appropriate communication is crucial:

  • The IRT will communicate internally with relevant teams and management.
  • If clients’ data or services are impacted, the Management Team will notify the affected clients.
  • For major incidents, a press release may be required.

8. External Support

For incidents that require external expertise or have legal implications, relevant third-party support, such as cyber forensics experts, legal counsel, or law enforcement, will be contacted.

9. Review and Updates

This IRP will be reviewed at least annually, or after any major incident, to ensure its effectiveness and relevance.

10. Contact Details

Incident Response Team: chris.wright@fiftyfiveandfive.com & caitlin.shorricks@fiftyfiveandfive.com
Management Team: barnaby.ellis@fiftyfiveandfive.com & stephen.reilly@fiftyfiveandfive.com