INCIDENT RESPONSE PLAN (IRP)

1. INTRODUCTION
This Incident Response Plan outlines the procedures to be followed in the event of an incident affecting the operations, security, or integrity of Timetabling Solutions.

Incidents affecting our ability to deliver our services in a physical office or training centre will be dealt with by our Continuity of Service Plan - Professional Services.

Incidents regarding actual or potential data breaches will be dealt with by our Data Breach Response Plan.

This plan aims to ensure a swift and effective response to incidents while minimizing their impact on our business and clients.


2. INCIDENT CLASSIFICATION

Critical Incident:
An incident that severely impacts business operations, compromises sensitive data, or poses a significant security threat.


Major Incident:
An incident that disrupts normal operations or compromises non-sensitive data.


Minor Incident:
An incident with minimal impact on operations or data security.

3. INCIDENT RESPONSE TEAM

Incident Manager:

The General Manager coordinates the incident response efforts and oversees the resolution process.


Technical Team:

The Director of Software is responsible for investigating and resolving technical issues associated with the incident.


Communication Team:

The Office Manager is responsible for internal and external communication regarding the incident, including notifying stakeholders and clients as necessary.


4. INCIDENT RESPONSE PROCESS:

a. Detection and Reporting:

Incidents may be detected through automated monitoring systems, employee reports, or client complaints.  Employees are encouraged to report any suspicious activity or incidents promptly to the Incident Manager or Technical Team.

b. Initial Assessment:

The Incident Manager will conduct an initial assessment to determine the nature and severity of the incident.  Based on the assessment, the incident will be classified as critical, major, or minor.

c. Response and Containment:

The Incident Manager will activate the appropriate response team(s) based on the incident classification. Technical teams will work to contain the incident, mitigate further damage, and restore normal operations. Communication teams will notify internal stakeholders, clients, and regulatory bodies as required.

d. Investigation and Analysis:
The technical team will conduct a thorough investigation to determine the cause and extent of the incident. Forensic analysis may be performed to collect evidence and identify potential vulnerabilities.

e. Resolution and Recovery:
Once the incident is contained, efforts will focus on resolving the issue and restoring affected systems or services. If necessary, data will be restored using backups, and security measures will be implemented to prevent similar incidents in the future.

f. Documentation and Review:
All actions taken during the incident response process will be documented for review and analysis. Lessons learned will be used to improve incident response procedures and enhance overall security posture.

5. COMMUNICATION PROTOCOL

Clear and timely communication is essential during incident response.

Internal communication will be coordinated through designated channels, such as Microsoft Teams or meetings. The communication team will manage external communication, including social media posts, status page posts, website notifications, emails, and direct client communication.

6. TRAINING AND AWARENESS:

Regular training sessions will be conducted to ensure employees know their roles and responsibilities during incident response. Employees will be educated on common security threats, incident detection techniques, and reporting procedures.

7. ESCALATION PROCEDURES:

In the event of a critical incident or if the initial response efforts are unsuccessful, the Incident Manager may escalate the issue to external experts for assistance.

8. TESTING AND MAINTENANCE:

The incident response plan will be tested through tabletop exercises and simulated incidents. Based on lessons learned from testing and real-world incidents, the plan will be updated and revised.

9. INCIDENT RECOVERY AND BUSINESS CONTINUITY:

Following the resolution of an incident, we will make efforts to assess any impact on business operations and implement measures to ensure continuity.

10. PLAN REVIEW AND REVISION:

This Incident Management/Response Plan will be reviewed annually and updated as necessary to reflect changes in technology, business processes, or regulatory requirements.