Initial assessment to confirm a breach has occurred.
Containment and Mitigation:
Immediate actions to contain the breach and mitigate its effects.
Isolation of affected systems and data.
Investigation and Analysis:
Steps to investigate the breach and analyze its impact.
Identification of compromised data and affected systems.
Notification and Reporting:
Internal notification procedures.
When and how to report the breach through the "Reporting a data breach" SOP.
Recovery and Remediation:
Steps to recover affected systems and data.
Remediation actions to prevent future breaches.
Documentation and Record-Keeping:
Documentation requirements for the breach and response actions.
Record-keeping standards for future reference and compliance.
Communication:
Communication strategies with stakeholders, including affected individuals and regulatory bodies.
Templates for breach notifications.
Motivation
Currently, there is no standardized procedure for handling data breaches within GDI nodes. If not addressed, it could lead to inconsistent responses, prolonged recovery times, and increased risk of data loss or exposure. A standardized SOP will ensure that all nodes handle breaches in a consistent and efficient manner, reducing potential harm, ensuring that GDI is quick and ready to react to these scenarios.
Existing Procedures or References
Existing node-specific procedures for data security incidents.
This SOP will ensure that data breach responses are consistent and secure across all GDI nodes, reducing the risk of data loss, exposure, and non-compliance with regulatory requirements. All GDI nodes using this SOP will benefit from a standardized procedure, making them ready to react to data breaches.
Stakeholders
1+MG Management Board
GDI Coordination Committee
IT security team
Node administrators
Node members of OC/SDPC
Additional Information
Consider including specific examples of data breach scenarios and how the SOP should be applied in those cases. Also, outline the training requirements for staff to ensure they are familiar with the SOP and can execute it effectively.
Requester GDI role
Yes
Requester GDI Node
EMBL-EBI
Confirmation
[X] I have searched the existing SOPs and this request does not duplicate an existing SOP.
[X] I understand that submitting this request does not guarantee the creation of the SOP.
SOP topics
Data protection & security
SOP type
Node-specific
SOP Title
Handling a Data Breach
Detailed Description
Detection and Identification:
Containment and Mitigation:
Investigation and Analysis:
Notification and Reporting:
Recovery and Remediation:
Documentation and Record-Keeping:
Communication:
Motivation
Currently, there is no standardized procedure for handling data breaches within GDI nodes. If not addressed, it could lead to inconsistent responses, prolonged recovery times, and increased risk of data loss or exposure. A standardized SOP will ensure that all nodes handle breaches in a consistent and efficient manner, reducing potential harm, ensuring that GDI is quick and ready to react to these scenarios.
Existing Procedures or References
Impact
This SOP will ensure that data breach responses are consistent and secure across all GDI nodes, reducing the risk of data loss, exposure, and non-compliance with regulatory requirements. All GDI nodes using this SOP will benefit from a standardized procedure, making them ready to react to data breaches.
Stakeholders
Additional Information
Consider including specific examples of data breach scenarios and how the SOP should be applied in those cases. Also, outline the training requirements for staff to ensure they are familiar with the SOP and can execute it effectively.
Requester GDI role
Yes
Requester GDI Node
EMBL-EBI
Confirmation