The following ICBA incident response guide has been created not to replace your incident response plan (IRP), but to provide you and your team necessary steps and other suggestions to assist in your incident response.
Evaluate if the incident warrants the need to activate your incident response plan (IRP).
Evaluate the amount of time necessary to address the incident and setup meetings with appropriate stakeholders.
The IRP should detail contacting all or most of the following organizations and agencies to either work toward an incident response and resolution, to notify them of the incident, or to look for additional resources that might be helpful in your incident response.
The IRP should detail a communication plan with communication streams directed at different stakeholders. Incident details may differ so collect the incident details from vendors and staff needed for your incident response communication plan. There should be communications for:
Depending on the size and significance of the incident, consider staffing a specialized response call center with its own phone number, or direct calls from the general bank number(s) to the new call center.
Incidents can be stressful times for all bank staff. Provide a list of resources to help staff who may need additional support during this time. Involve your senior leadership team and HR Department to monitor stress and to look for additional resources that can be provided throughout the incident response.