DAC Beachcroft has launched a new online planner to enable organisations to prepare for and manage cyber and data breach incidents.
Accessed via an online portal, the new Breach Response Planner from DAC Beachcroft guides users through a five-step process to identify internal and external incident response teams, establish response protocols and build a breach response plan.
A complete plan is included for those who want an off-the-shelf solution, and may be customised for those who want something more bespoke, according to the law firm.
Hans Allnutt, head of cyber and data risk at DAC Beachcroft, explained: “European data protection regulators recommend that organisations that handle personal data should have a plan in place to respond to security breaches.”
“Our Breach Response Planner helps create that plan. If that organisation then suffers a data breach, all their key stakeholders have immediate access, via the online portal, to the information they need, so that they can respond in a focused, swift and measured manner.”
The five-step process starts with users designating their organisation’s internal breach team, followed by their external team of advisers, such as legal counsel, IT forensic investigators and communications experts.
Users can then add the protocols they will follow when responding to the breach, such as the key objectives and the frameworks for classifying the severity of an incident. Once protocols are set, users can set out in their plan how they will detect, triage and contain the breach, assess the measures that need to be taken and notify affected parties.
The Breach Response Planner includes links to additional supporting material such as a breach severity risk matrix to assess and categorise a breach, a breach incident log, a breach checklist, useful breach scenario case studies, and a summary of the guidance for reporting a breach under the General Data Protection Regulation.
“Any changes to the plan are made in real time, so it is always up-to-date,” Allnutt added. “Hosting it on an external server means it can be accessed any time, from anywhere and on any device. This is particularly useful should a firm experience a breach.”