Incident Response Policy for Server Deployment Issues

• Table of Contents

  • EDC Inc Incident Response Policy for Server Deployment Issues
  • 1. Policy Statement
  • 2. Scope
  • 3. Roles and Responsibilities
  • 4. Incident Response Procedure
  • 5. Change Management
  • 6. Training and Awareness
  • 7. Review and Update
  • Summary

EDC Inc Incident Response Policy for Server Deployment Issues

This policy outlines the procedures and responsibilities of EDC Inc’s departments in responding to server deployment issues. It is designed to ensure a coordinated, effective, and efficient response to incidents that may impact the company’s operations, security, or reputation.

1. Policy Statement

EDC Inc is committed to maintaining the integrity, availability, and confidentiality of its information systems. This includes the servers that support our business operations. In the event of a server deployment issue, EDC Inc will respond promptly and effectively to minimize disruption and damage.

2. Scope

This policy applies to all EDC Inc employees, contractors, and third-party service providers who are involved in managing, operating, or using the company’s servers. It covers all servers, whether physical or virtual, located on-premises or in the cloud.

3. Roles and Responsibilities

• IT Server Operations: Responsible for the day-to-day operation of servers, including OS patching every 30 days or as approved by IT Security through an “IT Exception”.
• IT Server Build Operations: Responsible for the deployment of new servers and the resolution of deployment issues.
• IT-SOC (Incident Management): Responsible for coordinating the response to server deployment issues, including communication with other departments and stakeholders.
• Corporate Physical Security: Responsible for the physical security of on-premises servers.
• IT Security Operations: Responsible for the security of servers, including approving “IT Exceptions” for OS patching.
• IT Monitoring Operations: Responsible for monitoring server performance and alerting relevant departments to potential issues.
• IT Database Operations: Responsible for the operation and security of databases hosted on servers.
• IT Audit and Compliance: Responsible for ensuring compliance with this policy and other relevant regulations and standards.

4. Incident Response Procedure

When a server deployment issue is detected, the following procedure will be followed:

• The issue is reported to IT-SOC, either by IT Monitoring Operations or another source.
• IT-SOC logs the issue in the CMDB and assigns a severity level based on the potential impact on business operations and security.
• IT-SOC notifies the relevant departments, including IT Server Build Operations, IT Server Operations, and IT Security Operations.
• IT Server Build Operations investigates the issue and develops a plan to resolve it.
• The resolution plan is reviewed and approved by IT-SOC and IT Security Operations.
• IT Server Build Operations implements the resolution plan.
• IT Monitoring Operations verifies that the issue has been resolved and reports back to IT-SOC.
• IT-SOC updates the CMDB and closes the incident.

5. Change Management

All changes to servers, including deployment and patching, must be approved by the Change Audit Board (CAB). The CAB includes representatives from IT Server Operations, IT Security Operations, and IT Audit and Compliance. Changes must be documented in the CMDB.

6. Training and Awareness

All EDC Inc employees, contractors, and third-party service providers involved in managing, operating, or using the company’s servers must be aware of this policy and their responsibilities under it. Training will be provided as necessary.

7. Review and Update

This policy will be reviewed and updated annually, or more frequently if necessary, to ensure it remains effective and relevant. The review will be conducted by IT Audit and Compliance, in consultation with other relevant departments.

Summary

This Incident Response Policy for Server Deployment Issues outlines the procedures and responsibilities for responding to server deployment issues at EDC Inc. It ensures a coordinated, effective, and efficient response to incidents that may impact the company’s operations, security, or reputation. The policy applies to all employees, contractors, and third-party service providers involved in managing, operating, or using the company’s servers. It is essential that all relevant parties are aware of this policy and their responsibilities under it.