UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for incident response requirements.
Requirement
Printed copies and/or electronic copies of the incident response plan must be accessible to all members of the local incident response team.
Description of Risk
If users and system administrators are not aware of incident response procedures, response will be delayed and evidence can be corrupted or lost, greatly increasing the potential impact of an incident.
Recommendations
Resource proprietors and resource custodians should store Incident Response Plans in easily accessible network locations and ensure that end users as well as system administrators have clear instructions on how to access the documentation. Where electronic copies are difficult for end users or system administrators to access, a hard-copy of the Incident Response Plan should also be printed and stored in a easily accessible and well documented location.