Incident Response Plan
Sakatta Inc. Incident Response Plan
The Sakatta Inc. Incident Response Plan (IRP) is designed to identify resources to quickly and efficiently
respond to information security breaches. Security breaches will be defined as:
Level 1: Customer Personally Identifiable Information (PII), company critical information, personal safety
issues, physical intrusion into the building.
Level 2: Company private information, non-PII customer information.
Level 3: All other cases.
Team Members/Roles and Responsibilities:
Network Administrator: Monitors network for incidents and/or potential intrusions.
System Administrator: Monitors all Sakatta Inc. systems, both in-house and on AWS.
Exenta System Administrator: Monitors the Exenta system audit logs.
Exenta System Developer: Engaged as needed for Exenta application details.
Information Technology Director: Incident Response Team manager/coordinator/internal and external
communications.
Incident Notification
When an incident is discovered, the Incident Response Team will be alerted in person, by email, by pager
and/or by phone call.
Response Requirements, Resolution Times and Communication:
The scope of incident response, anticipated resolution time and communication is dependent upon the
level of the security breach and will be as follows:
Level 1: The Incident Response Team will assemble within 30 minutes of incident detection. This level of
incident has the potential to cause extreme damage to Sakatta Inc. customers and/or business
function and reputation. Resolution times may vary depending upon the incident. The goal is
resolution within an hour. In cases where more time is needed, hourly updates will be communicated.
The IT Director will identify the communication targets (including email to Amazon Security at:
3p-security@amazon.com). Level 1 incidents may be escalated to other internal and external contacts as
needed to ensure data integrity and problem resolution. Examples of Level 1 issues are: Unauthorized
data/application access, unusual billing activity or a denial of service attack.
Level 2: The Incident Response Team will assemble within 1 hour of incident detection. This level of
incident has the potential to cause damage to Sakatta Inc. product development and company
reputation. Resolution times may vary depending upon the incident. The goal is resolution within a
business day. Level 2 incidents may be escalated to other internal and external contacts as needed to
ensure data integrity and problem resolution. An example of a Level 2 issue is: Unauthorized release
of company sales figures or production line information.
Level 3: The Incident Response Team will assemble within a day of incident detection. This level of
incident has the potential for minimal negative impact on the company and no impact on customers.
Resolution times may vary depending upon the incident. The goal is resolution within one business
week.
Training/Testing:
Once a year, Sakatta Inc. will test the IRP and make any adjustments to the IRP as needed to more
efficiently execute and manage the process.
At least once every six months the IRP will be reviewed by the IT Director and the IR Team.
Post-Incident Briefing:
At the conclusion of each incident, the Incident Response Team will analyze the results of the incident
and the IR team response to refine the response and best practices. Feedback will be provided to the
application developers as needed/required to prevent another occurrence of the issue. Remediation
will be monitored and documented in the Sakatta Inc. Incident Report Book.