Written Incident Response Plan
Our plan is designed to help you promptly respond to, and recover from, any security event materially affecting the confidentiality, integrity, or availability of customer information in the dealership's control.
Rule Requirement
314.4 (h)
Establish a written incident response plan designed to promptly respond to, and recover from, any security event materially affecting the confidentiality, integrity, or availability of customer information in your control. Such incident response plan shall address the following areas:
The goals of the incident response plan;
(1) The internal processes for responding to a security event;
(2) The definition of clear roles, responsibilities, and levels of decision-making authority;
(3) External and internal communications and information sharing;
(4) Identification of requirements for the remediation of any identified weaknesses in information systems and associated controls;
(5) Documentation and reporting regarding security events and related incident response activities; and
(6) The evaluation and revision as necessary of the incident response plan following a security event.
Our Service
Mosaic Compliance Services provides Written Incident Response Plan documentation included in your WISP.