What are the key SOC 2 requirements for incident management?
The organization is required to establish a formal process for identifying, analyzing, responding to, and recovering from security incidents. This includes:
continuously monitoring for security incidents and assessing their potential impact on the organization's objectives
determining the appropriate response actions
incorporating lessons learned from ongoing incident response activities into the security incident response procedure on an ongoing basis.
We recommend implementing 8 incident management (IM) controls to meet SOC 2 requirements:
IM 1: A formal incident management process is established and implemented which requires security incidents to be tracked, documented and resolved in a complete, accurate, and timely manner. The process document is reviewed by management on an annual basis and updated as required.
IM 2: The organization provides external users with mechanisms to report security issues, incidents and concerns.
IM 3: All incidents related to security are logged, tracked and communicated to affected parties. Incidents are resolved in a timely manner in accordance with the formal incident management processes.
IM 4: The on-call security resource monitors the submissions of security issues and triages issues accordingly. If a bug is deemed to be legitimate, Security informs the relevant engineers and the bug is tracked to resolution.
IM 5: Management has established defined roles and responsibilities to oversee the implementation of security policies including incident response.
IM 6: Management incorporates lessons learned from ongoing incident response activities into the security incident response procedure on an ongoing basis.
IM 7: Disaster recovery plans (including restoration of backups) have been developed and tested annually. Test results are reviewed and consequently contingency plans are updated.
IM 8: Business continuity plans have been developed and tested annually. Test results are reviewed and consequently contingency plans are updated.