How to Talk About Incident Response Management
Blog summary [5-minute read]
- Communicating with stakeholders to set consistency
- Incident intake communication best practices
- Defining successful incident intake
The Privacy Collective is back in 2021. Our guest, Victor Maciel, Director of Global Data Privacy & Protection at Raymond James, joined the inaugural 2021 session to discuss a myriad of incident intake challenges. From incident variety to the obstacles impeding a thorough investigation, and the role of organization-wide training, Maciel’s experience in privacy brought a wealth of information to the conversation and shed light on how communication can improve incident response management.
For newcomers, The Privacy Collective is an outgrowth of RadarFirst’s work over the years to create a forum for privacy leaders to share insights and grow stronger together. Staying up-to-date on the latest from Privacy’s leading minds or accessing our backlog of conversations is as simple as subscribing to TPC.
Incident Response Communication
Corporate environments are very complex, and as such, their incident response plans can be complicated. A large firm may have many legal subsidiaries, all dealing with their own shapes, sizes, and flavors of incidents, with different regulatory pressures affecting each of them. According to Maciel,
“It’s very difficult to tailor a one-size-fits-all process when you may have a threat surface to your organization that is incredibly broad.”
However, incident intake can be streamlined by having open communication with healthy dialogue between departments. One tip Maciel offered for improving timelines is to invite stakeholder teams to assess an incident. Beyond IT, infosec, operations team members, and PR, even having business liaisons or risk management present helps translate what incidents mean for the business.
Whether you have a regulatory or contractual obligation, the escalation process is critical and the clock is ticking. To find success in these conversations, work together to assess the following:
- Accountability: determine what business lines are affiliated with a particular incident. Is one line experiencing incidents that other lines are not?
- Analysis: can you group incidents to find core deficiencies? Is there a root cause?
Having insight into these elements is what executives want to see from incident response management. The goal of this intake process is to achieve repeatability. However, since incidents come in so many shapes and sizes, incident response requires a streamlined and consistent intake process that has the flexibility to allow for unique incident profiles. If this intake method can also allow multiple teams to work on different aspects of an incident concurrently, you’d have a home run.
A number of variables create an ever-changing incident threat surface for organizations. When it comes to best practices within incident intake, you can always improve and the work is never over, but healthy conversations can help establish a great starting point for incident resolution.
Naturally, incident response conversations happen both internally and externally for organizations. Often, successful incident response includes understanding where the incidents occur within the customer lifecycle.
To optimize customer communications, training and awareness are critical. Having an accessible incident intake form that is easily understood by employees can help increase incident awareness. It may also be critical to integrate internal ticketing or organizational tools to help identify privacy escalation when necessary.
Internally, start by answering the who, what, when, where, why, and how before you know if an incident will need to escalate to a privacy incident. With sufficient understanding of the incident, you’re able to properly categorize the incident and respond appropriately.
From there, leading with flexibility and project management basics can pave the way for successful incident response conversations. By establishing consistent meetings that circumvent mundane scheduling conflicts or third-party involvement, ongoing dialogue can help executives have conversations about the broader impacts incidents have on the business.
Defining Successful Conversations
When organizations roll out privacy initiatives, the volume of incidents typically increases on account of the new training and awareness on how to identify, manage and document them. With the implementation of training at the right places, organizations then see the volume of incidents drop. For Maciel, the conversation is the crucial takeaway:
“We don’t measure success in terms of notifications or not. Typically, if you have to notify – you have to notify. If I can answer a stakeholder’s questions and give them comfort that an incident has been handled in the right way, it makes me feel good that we’ve got an incident under control.”
Overall, organizations can improve incident intake and communication with training. By letting teams know there are automated ways to report incidents, compliance professionals can start conversations and streamline incident escalation and resolution.
At the end of the day, privacy compliance is all about relationships. It’s easy to focus on processes and metrics, but to find success, you have to be able to reach out to people and sometimes even ask for help. It’s easy to rush into an incident and begin interrogating, but doing so might cause hesitancy among colleagues who are afraid to be the face of an incident for the organization. As Maciel quipped,
“Compliance is a people sport. Develop rapport and you’ll see dividends in your space.”