The purpose of this cyber incident response plan ("IRP") is to provide a structured and systematic incident response process for all information security incidents (as defined in Section 4.4) that affect any of RigConcierge, LLC's ("RigConcierge") information technology ("IT") systems, network, or data, including RigConcierge's data held or IT services provided by third-party vendors or other service providers.
(a) Define RigConcierge's cyber incident response process and provide step-by-step guidelines for establishing a timely, consistent, and repeatable incident response process.
(b) Assist RigConcierge and any applicable third parties in quickly and efficiently responding to and recovering from different levels of information security incidents.
(c) Mitigate or minimize the effects of any information security incident on RigConcierge, its users, customers, employees, or others.
(d) Help RigConcierge consistently document the actions it takes in response to information security incidents.
(e) Reduce overall risk exposure for RigConcierge.
(f) Engage stakeholders and drive appropriate participation in resolving information security incidents while fostering continuous improvement in RigConcierge's information security program and incident response process.
This IRP applies to all RigConcierge business groups, divisions, and subsidiaries, if any; their employees, contractors, officers, and directors; and RigConcierge's IT systems, network, data, and any computer systems or networks connected to RigConcierge's network.
RigConcierge may, from time to time, approve and make available more detailed or location or work group-specific plans, policies, procedures, standards, or processes to address specific information security issues or incident response procedures. Those additional plans, policies, procedures, standards, and processes are extensions to this IRP.
RigConcierge has designated Alex MacDonald to implement and maintain this IRP (the "information security coordinator").
Among other information security duties, as defined in RigConcierge's information security policy ("ISP"), the information security coordinator shall be responsible for:
(a) Implementing this IRP.
(b) Coordinating activities, including developing, maintaining, and following appropriate procedures to respond to, appropriately escalate, make decisions regarding, and document identified information security incidents (see Section 6).
(c) Conducting post-incident reviews to gather feedback (if any) on information security incident response procedures and address any identified gaps in security measures (see Section 6.5).
(d) Reviewing this IRP at least annually, or whenever there is a material change in RigConcierge's business practices that may reasonably affect its cyber incident response procedures (see Section 7).
Violations of or actions contrary to this IRP may result in disciplinary action, in accordance with RigConcierge's information security policies and procedures and human resources policies.
The terms defined below apply throughout this IRP:
Confidential information means information as defined in RigConcierge's ISP, available upon contacting Alex MacDonald, that may cause harm to RigConcierge or its users, employees, or other entities or individuals if improperly disclosed, or that is not otherwise publicly available.
Personal information means any information relating to an identified or identifiable natural person/individually identifiable information as defined in RigConcierge's ISP, available upon contacting Alex MacDonald, that RigConcierge owns, licenses, or maintains and that is from or about an individual including, but not limited to (a) first and last name; (b) home or other physical address, including street name and name of city or town; (c) email address or other online information, such as a user name and password; (d) telephone number; (e) government-issued identification or other number; (f) financial or payment card account number; (g) date of birth; (h) health information, including information regarding the individual's medical history or mental or physical condition, or medical treatment or diagnosis by a health care professional, created or received by RigConcierge; and (i) any information that is combined with any of (a) through (h) above.
Information security incident means an actual or reasonably suspected (a) loss or theft of confidential or personal information; (b) unauthorized use, disclosure, acquisition of or access to, or other unauthorized processing of confidential or personal information that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information; or (c) unauthorized access to or use of, inability to access, loss or theft of, or malicious infection of RigConcierge's IT systems or third party systems that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information or RigConcierge's operating environment or services.
The incident response personnel currently consists solely of Alex MacDonald, who is responsible for responding to information security incidents. Alex MacDonald is also the information security coordinator for the purposes of this IRP.
Alex MacDonald is responsible for:
(a) Addressing information security incidents in a timely manner, according to this IRP.
(b) Managing internal and external communications regarding information security incidents.
(c) Reporting his findings to applicable authorities, as appropriate.
(d) Reprioritizing other work responsibilities to permit a timely response to information security incidents on notification.
(a) RigConcierge recognizes that, following initial escalation, the information security incident response process is often iterative: the steps defined in Sections 6.2 through 6.5 may overlap, or Alex MacDonald may revisit prior steps to respond appropriately to a specific information security incident.
(b) RigConcierge may, from time to time, approve and make available more specific procedures for certain types of information security incidents. Those additional procedures and checklists are extensions to this IRP.
RigConcierge shall develop, implement, and maintain procedures to detect, discover, and assess potential information security incidents through automated means and individual reports.
(a) Automated Detection. RigConcierge shall develop, implement, and maintain automated detection means and other technical safeguards.
(b) Reports from Employees or Other Internal Sources. Employees, or others authorized to access RigConcierge's IT systems, network, or data, shall immediately report any actual or suspected information security incident to Alex MacDonald. Individuals should report any information security incident they discover or suspect immediately and must not engage in their own investigation or other activities unless authorized.
(c) Reports from External Sources. External sources who claim to have information regarding an actual or alleged information security incident should be directed to Alex MacDonald. Employees who receive emails or other communications from external sources regarding information security incidents that may affect RigConcierge or others, security vulnerabilities, or related issues shall immediately report those communications to Alex MacDonald and shall not interact with the source unless authorized.
(d) Assessing Potential Incidents. RigConcierge shall assign resources and adopt procedures to timely assess automated detection results, screen internal and external reports, and identify actual information security events. RigConcierge shall document each identified information security incident with initial details.
RigConcierge shall develop, implement, and maintain procedures to contain any data or cybersecurity breach and to remediate the affected systems and recover the data where possible.
For each identified information security incident, Alex MacDonald shall determine and direct appropriate internal and external communications and any required notifications.
(a) Notifications. While Alex MacDonald may choose to authorize discretionary communications, certain laws, regulations, and contractual commitments may require RigConcierge to notify various parties of some information security incidents. Where applicable to a specific information security incident, and as required, Alex MacDonald shall:
(i) Authorities. Notify applicable regulators, law enforcement, or other authorities.
(ii) Affected Individuals. If an applicable breach of personal information occurs, prepare and distribute notifications to affected individuals.
(iii) Cyber Insurance Carrier. Notify RigConcierge's cyber insurance carrier according to the terms and conditions of its current policy, including filing a claim, if appropriate.
(iv) Others. Notify users or business partners according to current agreements.
At a time reasonably following each identified information security incident, the information security coordinator, or a designate, shall assess the incident and RigConcierge's response.
(a) Follow-Up Actions. The information security coordinator shall monitor and coordinate completion of any follow-up actions.
RigConcierge will review this IRP at least annually, or whenever there is a material change in RigConcierge's business practices that may reasonably affect its cyber incident response procedures. Plan reviews will also include feedback collected from post-incident reviews and training and testing exercises. The information security coordinator must approve any changes to this IRP and is responsible for communicating changes to affected parties.
Send any suggested changes or other feedback on this IRP to Alex MacDonald.
This IRP is effective as of January 15th, 2025.
(a) Original publication: January 15th, 2025.