Pillsbury Law > Crisis Management Resource Center > Crisis Management Resources > Checklists > Security Breach Preparation and Response Action Plan: Six Steps to an Effective Response
Crisis Management Resource Center
This links to the home page
Checklists

Security Breach Preparation and Response Action Plan: Six Steps to an Effective Response


The following six steps can help you prepare for, plan and implement your response in the event of a data security breach.
 
1. Implement a schedule for regular reviews. 
It is essential that your company periodically verify security systems and backup/archives as well as review privacy policies to ensure compliance. 

2. Form an incident response team. 
Your team should include people inside and outside of your company, as well as law enforcement officials and regulators. These individuals should be notified immediately when a breach occurs. 

3. Have a basic response kit ready. 
This kit should include a notice letter, a frequently asked questions sheet and a press release. 

4. Engage in discovery and investigation. 
You will need to analyze each system, determine the nature and scope of the data breach, and document the sequence of intrusion and the remedial steps taken. It may be necessary to engage a forensic consultant to preserve evidence of the event. Determine with your IT professionals and consultants whether and to what extent to shut down your system and preserve the system image and logs. 

5. Issue notification for consumers. 
Depending on the state, you may need to provide notice to consumers that a breach occurred. Additional notices to regulatory agencies may be required, as well as notice to consumer reporting agencies. 

6. Conduct a postmortem review. 
Be prepared to review and revise vendor contracts, policies, basic documentation and your written response plan. In addition, plan to evaluate your overall response effort, soliciting feedback from those affected and conducting a careful analysis of press coverage.