|
POLÍTICA DEL PLAN DE COMUNICACIÓN DE RESPUESTA A INCIDENTES
IT-DOC-09 Versión: 2 Fecha de creación: 15/03/2021 Fecha de actualización: 11/05/2026 |
![]() |
Table of Contents
1. Definitions
2. Incident Communications
2.1 INTERNAL Incident Response
2.2 Incident Response – CUSTOMER COMMUNICATIONS
2.3 DISASTER or Continuity COMMUNICATION PLAN
2.4 Security breach notification - external
2.5 External press releases
3. Sample Communication
1. Definitions
Security Incident - any event or set of circumstances that threatens MSC data, sites, employees or customers.
Breach or Compromise - An event that results in unauthorized access or exposure of sensitive data or network compromise.
Examples:
- Servers have been accessed from unknown sources and potentially compromising applications.
- Site defacement - Fraudulent web sites or social media sites
2. Incident communications
This document outlines the process and channels used to communicate updates for specific audiences, external customers, internal customers, and remediation resources. This plan needs to be followed for any incident which requires MSC to issue press releases, public announcements, or legal responses.
2.1. INTERNAL INCIDENT RESPONSE
Purpose: Provide details and direction to internal MSC employees during remediation of an incident, outage, or technical issues.
Owner: IT Coordinator
Audience: Internal MSC Employees, Contractors, Vendors.
2.2. INCIDENT RESPONSE – CUSTOMER COMMUNICATIONS
Purpose: Provides external customers with information about technology issues which may impact MSC customers, such as availability or security posture related to emerging threats.
Owner: IT Coordinator
Audience: Summary of incident, MSC response, corrective action taken and related dates.
2.3. DISASTER OR CONTINUITY COMMUNICATION PLAN
Purpose: Provide internal employees and contractors with direction and updates during incidents, adverse conditions, or issues, resulting from Declaration of Disaster or Continuity Plan activation.
Owner: IT Coordinator, HR or Legal
Content: Communicate pertinent information to employees and provide direction regarding incidents, continuity, or activation of Disaster Recovery Plans for internal systems or business processes.
2.4. SECURITY BREACH NOTIFICATION- EXTERNAL
Purpose: Provides external customers with information about technology issues, which may impact MSC customers, such as system availability or security posture, related to emerging threats or breaches.
Owner: IT Coordinator or HR Manager
Content: Summary of MSC’s incident response, action taken and related dates.
2.5. EXTERNAL PRESS RELEASES
Purpose: Provides high level summary of events and vulnerabilities that directly impact MSC business, employees, products, processes, or systems.
Owner: IT Coordinator or HR Manager
Content: General company information
3. SAMPLE COMUNICATION
In the event an external communication is required to be sent out the below can be used:
MSC Security Advisory and Availability
Known Security Issue: A security advisory has been published with regards to [Ex. …attacks that can decrypt and/or modify encrypted traffic. In order for these attacks to be successful, the vulnerability must exist in both the computer server that provides the service and computer or device that accesses the service.]
We have reviewed our systems and have confirmed that the servers which support MYMSC.com and OneVision will be patched as part of security best practice. There will be an outage tonight (add times) while we are updating all MSC software to most current version.]
This advisory will be updated as information and remediation steps are made available. Please refer to this advisory to ensure any necessary steps required to be taken are properly implemented.
MSC Technology
End of email template.
