Role

Responsibility

IncidentManager

The Incident Manager is the primary and ultimate decision maker during the response period. This role is assigned to the CTO. The Incident Manager is ultimately responsible for resolving the incident and formally closing incident response actions. See Appendix A for Incident Manager contact information. These responsibilities include: Ensuring the right people from all functions are actively involved asappropriateCommunicating as appropriate.Communicating status updates to the appropriate person or teams at regular intervalsResolving incidents in the immediate term Determining necessary follow-up actionsAssigning follow-up activities to the appropriate peoplePromptly reporting incident details which may trigger breach reporting, in writing to the COOCIO/CTO

IncidentResponseTeam

The individuals who have been engaged and are actively working on the incident. All members of the IRT will remain engaged in incident response until the incident is formally resolved, or they are formally dismissed by the Incident Manager.

Engineers

Qualified engineers will be placed into the on-call rotation and may act as the Incident Manager (if primary resources are not available) or a member of the IRT when engaged to respond to an incident. Engineers are responsible for understanding the technologies and components of the information systems, the security controls in place including logging, monitoring, and alerting tools, appropriate communications channels, incident response protocols, escalation procedures, and documentation requirements. When Engineers are engaged in incident response, they become members of the IRT.

Users

Employees and contractors of Tekai. Users are responsible for following policies, reporting problems, suspected problems, weaknesses, suspicious activity, and security incidents and events.

Customers

Customers are responsible for reporting problems with their use of Tekai services. Customers are responsible for verifying that reported problems are resolved.

LegalCounsel

Responsible, in conjunction with the CEO and executive management, for determining if an incident presents legal or regulatory exposure as well as whether an incident shall be considered a reportable breach. Counsel shall review and approve in writing all external breach notices before they are sent to any external party.

ExecutiveManagement

Responsible, in conjunction with the CEO and Legal Counsel, for determining if an incident shall be considered a reportable breach. An appropriate company officer shall review and approve in writing all external breach notices before they are sent to any external party.Tekai shall seek stakeholder consensus when determining whether a breach has occurred. The Tekai CEO shall make a final breach determination in the event that consensus cannot be reached.