Step-By-Step Guide to Third-Party Incident Response

Even with as many controls, standards, and protocols in place as possible, third-party security incidents do happen. Because today's ultra-connected world relies on cloud-based vendor partnerships to send and receive data, there are many areas where incidents can occur.

Here are five steps to take when responding to a third-party security incident:

1. Capture evidence and information without compromising data

What exactly happened? How did your team find out? What information was compromised? Collecting this information – as much data on the incident as possible – without putting your data at any more risk should be your first step in any incident response. Once you know what happened, you can take steps toward resolution.

2. Alert key stakeholders

One of the most critical steps of any incident response plan is telling stakeholders what happened. Hopefully, you are already working with your third-party vendor from step one, but if not, you need to alert them to the incident. All of your executive team members should be briefed, and a response plan should be implemented to notify consumers whose data was compromised. Depending on the size and scope of your organization, you may need to issue a press release for shareholders and other public officials.

3. Identify root cause

While all the public-facing action is taking place, your InfoSec team should be working diligently behind the scenes to identify the root cause of the issue. Was it an overlooked standard during the vendor assessment process? A malicious threat worming its way through your controls? Identifying the root cause is key to the next step toward resolution.

4. Implement contingency plans

With the root cause identified, it's time to jump into action. Using the contingency plans that you (hopefully) already have ready to go, your team should start auditing and understanding the impact of the incident. Your team should focus on plugging the hole in your security protocols, auditing third-party assessments and controls to ensure no manual errors were made, and optimizing your standards to ensure the issue won't happen again.

5. Review + revamp processes

Once the issue is resolved, the stakeholders notified, and the full extent of the incident is reviewed and addressed, it's time to start back at square one. Reviewing your third-party incident response plan and directly addressing any gaps or areas of improvement is key to ensuring things operate even more efficiently in the future. And, try as you might, there will be a next time, so optimizing your incident response plan as often as possible can help minimize the risk down the road.

Want to learn more?

While a third-party security incident is not at the top of any InfoSec team's wish list, it is essential to have a contingency plan in place. With Whistic, you can work one-on-one with an expert consultant to build the perfect incident response plan for your organization and your industry. You can learn more and get started here.