RC.RP-06.356

Does your organization create after-action reports following security incidents that document the incident details, response actions taken, recovery procedures, and lessons learned?

Explanation

After-action reports are critical documents that capture the complete lifecycle of a security incident, from detection through resolution, and identify opportunities for improvement. These reports help organizations learn from incidents, refine response procedures, and prevent similar incidents in the future by documenting what happened, how the team responded, what worked well, and what could be improved. An example of acceptable evidence would be a redacted after-action report from a recent security incident that includes sections for incident description, timeline of events, response actions taken, recovery procedures implemented, root cause analysis, and lessons learned with specific recommendations for process improvements.

Implementation Example

Prepare an after-action report that documents the incident itself, the response and recovery actions taken, and lessons learned

ID: RC.RP-06.356

Context

Function: RC: RECOVER
Category: RC.RP: Incident Recovery Plan Execution
Sub-Category: The end of incident recovery is declared based on criteria, and incident-related documentation is completed

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub