Incident Response Plan Availability Guideline

UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data.  The recommendations below are provided as optional guidance for incident response requirements.

Requirement

Printed copies and/or electronic copies of the incident response plan must be accessible to all members of the local incident response team.

Description of Risk

If users and system administrators are not aware of incident response procedures, response will be delayed and evidence can be corrupted or lost, greatly increasing the potential impact of an incident.

Recommendations

Resource proprietors and resource custodians should store Incident Response Plans in easily accessible network locations and ensure that end users as well as system administrators have clear instructions on how to access the documentation. Where electronic copies are difficult for end users or system administrators to access, a hard-copy of the Incident Response Plan should also be printed and stored in a easily accessible and well documented location.

On This Page