<- Legal Center

Incident Response & Escalation

Last Updated

The Security Incident Response Plan provides a systematic incident response process for all Information Security Incidents that affect any of Haystack's information technology systems, network, or data, including data held or services provided by third-party vendors or other service providers. This plan applies to all Haystack assets utilized by personnel acting on behalf of Haystack or accessing its applications, infrastructure, systems, or data. All personnel are required to read, accept, and follow all Haystack policies and plans.

Haystack intends for this plan to:

  • Define the security incident response process and provide step-by-step guidelines for establishing a timely, consistent, and repeatable incident response process.
  • Assist Haystack and any applicable third parties (including vendors and partners) in quickly and efficiently responding to and recovering from different levels of information security incidents.
  • Mitigate or minimize the effects of any information security incident on Haystack, its customers, employees, and others.
  • Help Haystack consistently document the actions it takes in response to information security incidents.

An “Information Security Incident” means an actual or reasonably suspected unauthorized use, disclosure, acquisition of, access to, corruption of, deletion, or other unauthorized processing of sensitive information that may compromise the privacy, confidentiality, integrity, or availability of that information.

Management

Haystack has a Security Response Team (SRT) consisting of predetermined employees from key departments to manage security incidents. The SRT provides timely, organized, informed, and effective responses to information security incidents to:

  • Avoid loss or damage to the Haystack systems, network, and data.
  • Minimize economic, reputational, or other harms to Haystack and its customers, employees, contractors, and partners.
  • Manage litigation, enforcement, and other risks.

The SRT also oversees and coordinates the development, maintenance, and testing of the plan, its distribution, and ongoing updates. The Security Incident Response Plan is activated when a security incident occurs, and the SRT is responsible for evaluating the situation and responding accordingly. Depending on the severity of an incident, the SRT may request engagement from various support teams to assist with the mitigation of the incident. The SRT meets periodically for training, education, and review of the documented plan.

The SRT consists of a core team with representatives from key Haystack groups and stakeholders. The current SRT roster may be contacted at security@haystackteam.com.

Incident Response Process

The process outlined below should be followed by the appropriate staff at Haystack in the event of an Information Security Incident. Haystack assigns resources and adopts procedures to timely assess automated detection results, screen internal and external reports, and identify actual information security events. Each identified Information Security Incident must be documented.

Detection and Reporting

  • Automated Detection: Haystack may utilize automated detection means and other technical safeguards to automatically alert Haystack of incidents or potential incidents.
  • Report from Haystack Personnel: All personnel must report potential security incidents immediately to security@haystackteam.com, providing all available information regarding the potential incident and ceasing use of the affected system until given the okay by the SRT.
  • Report from External Source: External sources, including customers, should report information security incidents to security@haystackteam.com. Employees who receive such communications should report them immediately to security@haystackteam.com and should not interact with the source unless authorized.

Response Procedures

Responding to a data breach involves the following stages:

  1. Verification
  2. Assessment
  3. Containment and mitigation
  4. Post-breach response

All steps must be documented in an incident log or corrective action plan. The data breach response is not purely linear, as these stages often overlap.

  1. Verification: The SRT works with employees and contractors to identify affected systems or hardware and determine the nature of the data involved.
  2. Assessment: The SRT determines the level of response required based on the incident's characteristics and potential risks and impact. This includes assessing affected systems, data, and individuals, and determining whether personally identifiable information was compromised.
  3. Containment and Mitigation: The SRT takes necessary steps to contain the incident, return systems to their original state, and limit further data loss or intrusion. Actions may include taking affected machines offline, segregating systems, and implementing additional technical measures.
  4. Post-Breach Response: Based on the assessment, Haystack will notify affected data subjects and authorities in accordance with applicable laws and regulations, review access controls and policies, and determine actions to strengthen the information security program.

Key Learnings

After the incident is resolved, senior management should meet with the SRT and relevant team members for a post-mortem to understand the incident and determine preventive measures for the future. The retrospective should be documented and key learnings presented to appropriate team members in a timely manner.

Testing

Testing the plan annually ensures its effectiveness and practicality. Any gaps discovered during testing will be addressed by management. Tests must be thoroughly documented and can include:

  • Walkthroughs: Team members review the plan to confirm effectiveness and identify gaps.
  • Table Top Exercises: Simulated incidents to test the plan's effectiveness without interrupting operations.

Exceptions

Haystack business needs, local situations, laws, and regulations may occasionally call for an exception to this policy or any other Haystack policy. Management will determine an acceptable alternative approach if an exception is needed.

Enforcement

Any violation of this policy or other Haystack policies may result in disciplinary action, up to and including termination of employment. Haystack reserves the right to notify law enforcement of any unlawful activity and cooperate in any investigation. Conduct in violation of this policy is not considered within the scope of an employee’s or contractor’s work duties.

Responsibility, Review, and Audit

This plan will be reviewed and tested annually. Updating the plan and revising this document to reflect changes, testing updates, and training personnel are crucial. Test results will be documented and signed off by management, shared internally, and tracked to resolution. Changes will be communicated across the organization.

Mailing Address
1645 Abbot Kinney Suite 202, Venice, CA 90291
Privacy Contact
privacy@haystackteam.com
General Inquiries
hello@haystackteam.com
Legal Contact
legal@haystackteam.com
Haystack
About UsSecurityFounder LetterNewsroomLinkedIn
Product
CommunicationsEventsDirectoryKnowledgeHaystack AIMobile Apps
Features
Universal SearchSecure DeliveryEmergency AlertsFreshness EngineRecognitionGlossary
Solutions
Single Source of TruthEmployee OnboardingFrontline SupportLegacy ReplacementsEmployee EngagementBuilding Culture
Resources
Resource CenterHelp CenterCustomer StoriesRFP BuilderRecorded Demo
Copyright Haystack Team, Inc. 2024
Terms of ServicePrivacy PolicyCookiesGDPR