Payment card industry – Incident response plan

Payment Card Industry – Data Security Standards (PCI-DSS) has requirements for developing an incident response plan. In this article, we are using the PCI-DSS incident response plan requirements as a guide on how to create an implementable plan for responding to a breach of PCI data and all sensitive data within your environment.

The seven critical elements for a PCI compliant incident response plan are as follows:

1.  Roles & responsibilities

Develop a RACI for all the steps within the Incident response process. You will need to include business units impacted by the breach (Sales, Marketing, etc.) and third parties that manage your environments, such as MSP and MSSP.

2.  Incident response

Procedures need to include a data breach's entire lifecycle, starting from notification of suspicious activity and ending with lessons learned after completing the breach remediation.

3.  Business continuity

Disaster recovery and business continuity plans need to include security incidents and data breaches. Before bringing systems back online, don't forget to patch and block all non-essential services.

4.  Backup

Backups can save your operations, particularly in a ransomware attack. Having cloud backups can further speed recovery.

5.  Legal reporting

Get legal advice on how to report incidents and who to report them to. A good Digital Forensics (DFIR) team will have partnerships with law firms to guide you through the process.

 6.  Critical system components

Make sure you have data and system classification in place. Establishing where your sensitive data resides and associated critical systems will not only allow you to rapidly assess the impact, but will also guide the areas your security should focus on protecting.

 7.  Notification to oversight bodies

Whether it is PCI data, Health Data, or any other data with mandatory reporting, the appropriate oversight body will need to be notified. When you inform the oversight body, you will have a higher likelihood of reduced fines if you also include what you have done to immediately remediate the breach and your high-level plans to reduce the risk of another breach.

For help developing your incident response plan during #DataPrivacyWeek or any time throughout the year, contact one of our experts here at Mazars.

Published on January 25, 2022

Author