Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SOP Request] Handling a Data Breach #16

Open
2 tasks done
M-casado opened this issue Jul 15, 2024 · 0 comments
Open
2 tasks done

[SOP Request] Handling a Data Breach #16

M-casado opened this issue Jul 15, 2024 · 0 comments
Labels
enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP

Comments

@M-casado
Copy link
Collaborator

SOP topics

Data protection & security

SOP type

Node-specific

SOP Title

Handling a Data Breach

Detailed Description

  1. Detection and Identification:

    • Methods for detecting potential data breaches.
    • Initial assessment to confirm a breach has occurred.

  2. Containment and Mitigation:

    • Immediate actions to contain the breach and mitigate its effects.
    • Isolation of affected systems and data.

  3. Investigation and Analysis:

    • Steps to investigate the breach and analyze its impact.
    • Identification of compromised data and affected systems.

  4. Notification and Reporting:

    • Internal notification procedures.
    • When and how to report the breach through the "Reporting a data breach" SOP.

  5. Recovery and Remediation:

    • Steps to recover affected systems and data.
    • Remediation actions to prevent future breaches.

  6. Documentation and Record-Keeping:

    • Documentation requirements for the breach and response actions.
    • Record-keeping standards for future reference and compliance.

  7. Communication:

    • Communication strategies with stakeholders, including affected individuals and regulatory bodies.
    • Templates for breach notifications.

Motivation

Currently, there is no standardized procedure for handling data breaches within GDI nodes. If not addressed, it could lead to inconsistent responses, prolonged recovery times, and increased risk of data loss or exposure. A standardized SOP will ensure that all nodes handle breaches in a consistent and efficient manner, reducing potential harm, ensuring that GDI is quick and ready to react to these scenarios.

Existing Procedures or References

  • Existing node-specific procedures for data security incidents.
  • Relevant sections from the GDI proposal.
  • Related SOP: Reporting a Data Breach.

Impact

This SOP will ensure that data breach responses are consistent and secure across all GDI nodes, reducing the risk of data loss, exposure, and non-compliance with regulatory requirements. All GDI nodes using this SOP will benefit from a standardized procedure, making them ready to react to data breaches.

Stakeholders

  • 1+MG Management Board
  • GDI Coordination Committee
  • IT security team
  • Node administrators
  • Node members of OC/SDPC

Additional Information

Consider including specific examples of data breach scenarios and how the SOP should be applied in those cases. Also, outline the training requirements for staff to ensure they are familiar with the SOP and can execute it effectively.

Requester GDI role

Yes

Requester GDI Node

EMBL-EBI

Confirmation

  • I have searched the existing SOPs and this request does not duplicate an existing SOP.
  • I understand that submitting this request does not guarantee the creation of the SOP.
@M-casado M-casado added enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP labels Jul 15, 2024
@M-casado M-casado mentioned this issue Jul 15, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@M-casado