
Application security or privacy breach

Security Incident established | Date & Time | Actioned by | Check | Comment
How was the security incident detected?
What is the discovery date?  ☐
Briefly describe the security incident (e.g., denial of service, malicious software, ransomware, unauthorised access of SM8 data, unauthorised use of SM8 services, lost or compromised data).  ☐
Describe the impact(s) of the security incident.  ☐
What was the type of data and amount breached?
How many SM8 information systems and/or services are impacted by the security incident?  ☐
Are existing SM8 security controls preventing the security incident from impacting the confidentiality, integrity and availability of SM8 information systems, network resources or data (e.g., firewall is blocking an attack from the Internet)?  ☐
Can the security incident be contained by quickly updating an existing SM8 security control (e.g., adding a firewall rule or changing a router's rule set, limiting user access)?  ☐
Are organizations outside of SM8 being impacted by the security incident?  ☐
Has the security incident resulted in suspected or confirmed loss, theft or unauthorized access of data transmitted to clients, or stored or processed by SM8? If yes, provide a detailed description.  ☐
Has the security incident resulted in suspected or confirmed loss, theft or unauthorized access of "non-public" personal health information transmitted, stored or processed by SM8? If yes, provide a detailed description.  ☐

Security Incident Containment | Date / Time | Actioned by | Check
Disabled access to AWS data or SM8 client services  ☐
Briefly describe all information systems, data and/or network resources whose access was disabled due to the security incident.  ☐
For each information system, data and/or network resource, list the time when access to it was disabled.  ☐

Information System Backup | Date / Time | Actioned by | Check
Determine whether the last backup was successful and the time and date it completed.  ☐
Were all information systems impacted by the security incident backed up successfully?  ☐ YES  ☐ NO
If NO, what was the reason:
Time backup(s) last started.  ☐
Time backup(s) last completed.  ☐

Security Incident Eradicated | Actioned by | Check | Comment
Names and titles of all persons performing forensics on the impacted information system.  ☐
Was the vulnerability (or vulnerabilities) that caused the security incident identified?  ☐ YES  ☐ NO
If YES, provide a detailed description:
Describe the validation procedure(s) used to ensure the vulnerability (or vulnerabilities) has been mitigated.  ☐
Briefly describe the security incident and what actions were taken.  ☐
How much time and cost was spent responding to the incident?  ☐
What did SM8 do well in responding to and managing the incident?  ☐
What difficulties were encountered in responding to and managing the incident?  ☐
Was there sufficient preparation by SM8 for the incident?  ☐
What preparation was not done that should have been?  ☐
What additional tools could have helped SM8 better respond to and manage the security incident?  ☐
Was communication among SM8 staff and other stakeholders e.g. TML and adequate? If not, what could be improved?  ☐
Were remediation procedures adequate to prevent future occurrence?  ☐ YES  ☐ NO
If NO, provide a detailed description:

Person completing this checklist: __________________________

Report sent to:  ☐ Sm8rthealth  ☐ Client:

Reviewed by:  ☐ Client:  ☐ Phew Group
