POLÍTICA DEL PLAN DE COMUNICACIÓN DE RESPUESTA A INCIDENTES

 

IT-DOC-09

Versión: 2

Fecha de creación: 15/03/2021

Fecha de actualización: 11/05/2026

 

 

 

                       

Table of Contents

 

1.  Definitions 

2.  Incident Communications

2.1   INTERNAL Incident Response  

2.2   Incident Response – CUSTOMER COMMUNICATIONS 

2.3   DISASTER or Continuity COMMUNICATION PLAN  

2.4   Security breach notification - external

2.5   External press releases 

3.  Sample Communication 

 

 

 

 

1. Definitions

Security Incident - any event or set of circumstances that threatens MSC data, sites, employees or customers.

Breach or Compromise - An event that results in unauthorized access or exposure of sensitive data or network compromise. 

Examples:

  • Servers have been accessed from unknown sources and potentially compromising applications.
  • Site defacement - Fraudulent web sites or social media sites

 

2. Incident communications

This document outlines the process and channels used to communicate updates for specific audiences, external customers, internal customers, and remediation resources. This plan needs to be followed for any incident which requires MSC to issue press releases, public announcements, or legal responses.

2.1.  INTERNAL INCIDENT RESPONSE

Purpose:  Provide details and direction to internal MSC employees during remediation of an incident, outage, or technical issues. 

Owner:  IT Coordinator

Audience: Internal MSC Employees, Contractors, Vendors.

 

2.2.  INCIDENT RESPONSE – CUSTOMER COMMUNICATIONS

Purpose: Provides external customers with information about technology issues which may impact MSC customers, such as availability or security posture related to emerging threats.

Owner:  IT Coordinator

Audience: Summary of incident, MSC response, corrective action taken and related dates.

 

2.3.  DISASTER OR CONTINUITY COMMUNICATION PLAN

Purpose: Provide internal employees and contractors with direction and updates during incidents, adverse conditions, or issues, resulting from Declaration of Disaster or Continuity Plan activation.

Owner: IT Coordinator, HR or Legal

Content: Communicate pertinent information to employees and provide direction regarding incidents, continuity, or activation of Disaster Recovery Plans for internal systems or business processes.

 

2.4.  SECURITY BREACH NOTIFICATION- EXTERNAL

Purpose: Provides external customers with information about technology issues, which may impact MSC customers, such as system availability or security posture, related to emerging threats or breaches.

Owner:  IT Coordinator or HR Manager

Content: Summary of MSC’s incident response, action taken and related dates.

 

2.5.  EXTERNAL PRESS RELEASES

Purpose: Provides high level summary of events and vulnerabilities that directly impact MSC business, employees, products, processes, or systems.

Owner: IT Coordinator or HR Manager

Content: General company information

 

3. SAMPLE COMUNICATION

In the event an external communication is required to be sent out the below can be used:

 

MSC Security Advisory and Availability

Known Security Issue:   A security advisory has been published with regards to [Ex. …attacks that can decrypt and/or modify encrypted traffic.  In order for these attacks to be successful, the vulnerability must exist in both the computer server that provides the service and computer or device that accesses the service.]  

We have reviewed our systems and have confirmed that the servers which support MYMSC.com and OneVision   will be patched as part of security best practice.  There will be an outage tonight (add times) while we are updating all MSC software to most current version.]

This advisory will be updated as information and remediation steps are made available. Please refer to this advisory to ensure any necessary steps required to be taken are properly implemented.

MSC Technology

 

End of email template.