Standardising Data Breach Response Plan – The State of the Art

Adopting a standard doesn’t just mean understanding its methodology; it also implies testing. Every time you adopt a standard, it helps to also identify documentation on how to test the real-world application of that standard: the test procedures, the expected outcomes, and the remediation actions. If you test it, you know exactly what to do if something goes wrong. The simple fact of the matter is that standards need to contribute to an actionable plan; if they don’t, they’re useless. Think about these questions: “Hey, this is amazing, but what does it mean in reality? Which goals can I achieve with this stuff? How good are these goals? How can I measure the results?” If you are not able to find appropriate answers through the adopted standard, that’s not a successful implementation of a standard. Once again, therefore, using standards from a reputable body is of paramount importance.

What do organisations need to do?

You need to prepare a plan. You need to ensure that the data breach response plan can be summarised in a specific sequence of actions and reactions to be performed by dedicated teams in order to produce results. If you cannot build a plan then you’re not adopting a standard successfully. It’s important that privacy professionals ensure that they are doing everything possible to make sure that their organisations are prepared for the worst-case scenarios in order to avoid breaches, and of course to preserve and defend corporate assets.

Next, you need to test your data breach response plan! Responding to a breach or privacy violation is a matter of continuous learning in a trial-tune-and-repeat methodology.

Finally, you also need dedicated technology to help you track and execute your plan. Too many times organisations are focused on identifying standards and building auditable processes that are fully compliant with regulations, and at the end of the day they fail in rolling them out to “real life”, which is business as usual. Adopting a specific incident response platform to foster execution of your action plan is critical to your success. An immense plus is when this platform has been tailored by design to relevant standards in data breach and privacy violation response.

Implement standards for your data breach response plan

Data breaches are growing day by day, and even the largest companies, with all their countermeasures, fall prey to data breaches. You need to plan, prepare, and test your data breach response plan. Adopting standards can strongly facilitate achieving all these goals effectively, while covering the legal implications.

The real benefit of adopting a standard lies in leveraging the experience of other professionals who have studied and worked in the same area where you are facing issues.

Implementing a standard will help your organisation meet its contractual obligations and allow you and your organisation to emerge from a threat situation as strong as, if not stronger than, when you went in.

In a sentence: “Standards help you react faster, better and in compliance with regulations, to protect your privacy and data”.

Last but not least, remember that when fighting breaches there are only two possible answers: to win or… to learn!
