HFIH-03

Do you have the capability to respond to incidents on a 24 x 7 x 365 basis?

Explanation

This question is asking whether your organization has the capability to respond to security incidents at any time of day, any day of the week, throughout the entire year without interruption.

Why it's being asked:

- Security incidents can occur at any time, including nights, weekends, and holidays
- Delayed response to security incidents can significantly increase damage and data loss
- Organizations with mature security programs need to demonstrate they can respond promptly regardless of when an incident occurs
- Many compliance frameworks and regulations require timely incident response capabilities

The question specifically focuses on 'capability' rather than just having a policy. This means you need actual mechanisms in place (like on-call rotations, 24/7 SOC, or managed security service providers) that enable your organization to detect, analyze, and respond to security incidents around the clock.

When answering this question, you should:

1. Clearly state whether you have 24x7x365 incident response capabilities
2. Describe the specific mechanisms that enable this capability
3. Mention any relevant response time commitments (SLAs)
4. Note any third-party services that augment your capabilities
5. Reference relevant documentation like your incident response plan

Example Responses

Example Response 1

Yes, our organization maintains 24x7x365 incident response capabilities through multiple mechanisms. We operate a fully-staffed Security Operations Center (SOC) with three rotating shifts that provide continuous coverage. Our incident response team uses a tiered on-call rotation system with primary and secondary responders available at all times, supported by PagerDuty for automated alerting. Critical security alerts are configured to notify on-call personnel via SMS, phone calls, and email. We maintain a 15-minute acknowledgment SLA and 1-hour response time for critical security incidents. Our incident response plan documents these procedures, and we conduct quarterly tests of our after-hours response capabilities to ensure effectiveness.

Example Response 2

Yes, we provide 24x7x365 incident response capabilities through a hybrid model. During business hours (8am-6pm local time), our internal security team handles incident response. Outside of business hours, we augment our capabilities with a contracted Managed Security Service Provider (MSSP) that provides continuous monitoring and initial response capabilities. The MSSP has authority to contain certain types of incidents immediately and will escalate to our on-call security staff for incidents requiring deeper investigation or business decisions. This arrangement ensures we maintain a 30-minute response time for critical incidents regardless of when they occur. We review MSSP performance quarterly and conduct joint incident response exercises twice yearly.

Example Response 3

No, we currently do not have full 24x7x365 incident response capabilities. Our security team operates during standard business hours (9am-5pm Eastern Time, Monday-Friday), with limited after-hours coverage through an on-call rotation system for critical alerts only. Weekend and holiday coverage is minimal, with team members checking email periodically but not maintaining continuous monitoring. We recognize this as a gap in our security program and are actively working to address it. Our roadmap includes implementing a follow-the-sun support model with our international offices and evaluating MSSP options to provide comprehensive coverage. We expect to achieve full 24x7x365 coverage within the next 6 months.

Context

Tab: Infrastructure
Category: Incident Handling

Neil Cameron
Founder, ResponseHub