Organizational Security Policy

Policy is the First Step in Implementing Cybersecurity

Incident Response

POL.IR.L2-3.6.1

CLIENT shall establish an operational incident-handling capability for organizational operations that includes preparation, detection, analysis, containment, recovery, and response activities.

Planet Security, Inc. shall incorporate CLIENT system incident-handling capability for the CLIENT CPE/SPE environment that includes preparation, detection, analysis, containment, recovery, and response activities into their existing process.

POL.IR.L2-3.6.2

CLIENT incident response team shall track, document, and report operational incidents to the executive management who will determine if further internal and/or external reporting is necessary and to whom. Initial notification to the executive management shall be within one hour of incident discovery.

The Planet Security, Inc. incident response team shall track, document, and report verified CPE/SPE incidents pertaining to the respective CLIENT organization within 24 hours hour of incident positive verification.

POL.IR.L2-3.6.3

CLIENT shall test the operational incident response capabilities using simulated incident findings at least annually. Results shall be reported to the executive management within a reasonable time frame, not to exceed one week after the conclusion of the testing methodology. Signed copy of the test shall be remitted to Planet Security, Inc. support engineers on the day that it is delivered to the CLIENT executive management so that it may be filed appropriately to support a potential future audit discovery.

For questions regarding this Information Security Policy, please reach out to your Planet Security, Inc. Support Engineers using Signal.