RS.MI-02.345

Does your organization have formal agreements in place with third-party security providers to perform incident eradication actions on your behalf?

Explanation

Third-party security providers (such as Managed Security Service Providers) can offer specialized expertise and resources for eradicating security incidents that may exceed internal capabilities. These arrangements should clearly define the scope of authority, procedures, and communication protocols for when and how third parties can take eradication actions within your environment. Evidence of fulfillment could include signed service level agreements (SLAs) with security service providers, documented incident response procedures that specify third-party roles and responsibilities, or authorization matrices showing which third parties have permission to perform specific eradication actions in your systems.

Implementation Example

Allow a third party (e.g., managed security service provider) to perform eradication actions on behalf of the organization

ID: RS.MI-02.345

Context

Function: RS: RESPOND
Category: RS.MI: Incident Mitigation
Sub-Category: Incidents are eradicated

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub