Respond Response Planning
We develop incident response plans, outlining steps to take in the event of a security incident.
Communications
We have a communication plan to inform appropriate stakeholders during a security incident.
Analysis
We conduct incident analyses to determine scope, impact, and root cause.
Improvements
We apply ‘lessons learned’ from security incidents to improve future incident response capabilities.
Controls: • Regular incident response plan review with annual table-top exercises to test effectiveness.
Recover Recovery Planning
We have developed plans and procedures to response affected systems and assets to normal operations.
Improvements
We identify opportunities for improving recovery capabilities.
Lessons Learned
We host post-incident reviews to analyze the effectiveness of the recovery process and identify areas for improvement.
Communications
We inform stakeholders about the recovery process and its progress.
Controls: • Quarterly joint IT and risk management meetings held to have formal retrospective of any incidents or near misses. • Developed ‘playbooks’ to handle various recovery scenarios.
60 | RICHARDSON INTERNATIONAL SUSTAINABILITY REPORT 2022
Made with FlippingBook interactive PDF creator