Data Incident Response – You’re Doing it Wrong!

Using a GRC platform, spreadsheet or homegrown system to manage your privacy and security incident response?  You’re doing it wrong!  You need the right tool for the job!

About five years ago I walked into a fly fishing shop near me looking for some flies. At the time I didn’t know much about fly fishing; I had just picked it up. I was looking for flies specifically for steelhead fishing. The man behind the counter asked what weight my fly rod was. I had a 6wt. He bluntly told me that I didn’t “have the right tool for the job” – if I was going to be fishing for steelhead I had the wrong rod, the wrong tool*. After I insisted I’d be fine, a lot of back and forth, and him repeating the same line, “you don’t have the right tool for the job,” I finally gave in. He was right; I was ill-equipped.

I think of this story every time I encounter an organization using a GRC platform, spreadsheet or a homegrown system to manage their privacy and security incident assessments and response.  They “don’t have the right tool for the job.”  Those systems weren’t built to handle the complexity of incident response.  Why?

Those systems don’t help make your incident assessment consistent from incident to incident – no matter if it is Sally in New York or Joe in Florida.

And because they aren’t consistent, those systems don’t provide you proof of compliance!

Those systems aren’t specifically built to speed up and simplify the incident process and workflow – saving time = saving money!

Those systems don’t help you reduce your risk by reporting on historical data to help predict, analyze and proactively reduce your future risk.

Driscoll Health System, Phytel, Catholic Medical Partners and many others now have the right tool for the job: RADAR: Data Incident Response.

RADAR uses a collaborative workflow that enables security and privacy staff to capture incident information. Then, using its embedded knowledge of state and federal regulations, which is continuously updated, RADAR helps organizations to consistently assess incidents and provide guidance on whether a data breach has occurred. Where an incident is classified as a data breach, RADAR outlines notification requirements and manages the related work processes. It also provides proof of compliance, because all incidents are documented in its repository, making them easily accessible for regulatory inquiries. Analysis and trending of incident information in RADAR also helps organizations to identify and reduce security risks.

RADAR, the right tool for the job.

 

*I later learned that this is debatable.

About Data Breach Watch Administrator
