SOP Incident Response and Management

SOP Number: IT/016/R.1
SOP Title: Incident Response and Management

              NAME                   TITLE               DATE
Author        Sandeep R. Yadav       System Admin        30-07-2024
Reviewer      Ashutosh Awasthi       Senior Manager      30-07-2024
Authoriser    Mahaveer Devannavar    General Manager     30-07-2024

Effective Date: 30-07-2024
Review Date: 30-07-2024
1. PURPOSE
The purpose of this document is to verify and follow the checklist during a power outage, network failure or security breach, in order to check the status, availability, security and uptime of services.
2. INTRODUCTION
An incident response plan is a set of instructions to help IT staff detect, respond to, and recover from power outages, network failures, security breaches and similar incidents. These plans address issues like cybercrime, data loss, and service outages that threaten daily work.
3. SCOPE
The scope applies to all servers (VM and physical), storage devices, firewalls, switches, AC units, SMS controller panels, etc. configured for running the Somaiya infrastructure.
4. RESPONSIBILITIES
4.1 Role of System Administrator:
The System Administrator is responsible for ensuring that all checklists are executed during a crisis. The System Administrator needs to escalate the problem to the Senior Manager and the Head of Department for any outage.
5. SPECIFIC PROCEDURE
5.1 Incident Response and Management during Power Outage:
Reporting an outage:
Report all power outages to the Department of IT
Safety Procedures:
In case of a power outage,
- Activate IT department Business Continuity Plan
- Assess the extent of the outage in your datacentre and report to the concerned stakeholders
- Monitor the UPS and generators for functionality as Datacentre load will automatically switch to UPS power
- Unplug desktop computers, equipment and appliances during the outage, especially if no surge protector is connected
- Shutdown any equipment or process that could be hazardous if power suddenly returns
- Keep AC in power off mode during a power outage
- Verify the UPS backup and, accordingly, power off all services in the Data Centre
Checklist:
- Check UPS battery load and status
- Check with power service provider for status of resuming power
- Check source for providing alternate power
- Check the status of all devices in the Data Centre, such as servers, network devices, storage, the SMS AC panel controller, AC units, etc.
- Verify all critical services, such as ILL connections, services, websites, applications, etc.
Escalation matrix:
During a power outage the team can reach the authorities below, in hierarchical order:
Escalation Level 1:
Raghavendra Nayak (System Administrator)
Mobile Number: 9322535875
Email ID: datacentre@somaiya.edu
Escalation Level 2:
Ashutosh Awasthi (Senior Manager)
Email ID: ashutosh.awasthi@somaiya.edu
Mobile Number: 9713421185
Escalation Level 3:
Mahaveer Devannavar (General Manager)
Email ID: mahaveer@somaiya.edu
Mobile Number: 9819986501
5.2 Incident Response and Management during Network Failure:
Reporting an outage:
Report network failure outages to the Department of IT
Safety Procedures:
In case of a network failure,
- Immediately involve the Network Manager and team to deal with the situation
- Reroute the traffic to another network so that services are up and running
- A failover configuration is to be created for all critical services so that they are load balanced automatically during a network failure, without downtime
Checklist:
- Verify ILL connections failover involving network team
- Contact ILL service provider involving network team for status
- Verify the accessibility of all critical websites, servers, storage and applications
- Ping and telnet to all critical services to confirm reachability
Escalation matrix:
During a network failure the team can reach the authorities below, in hierarchical order:
Escalation Level 1:
Atul Tamhane (Network Manager)
Mobile Number: 8976015364
Email ID: atul.tamhane@somaiya.edu
Escalation Level 2:
Ashutosh Awasthi (Senior Manager)
Email ID: ashutosh.awasthi@somaiya.edu
Mobile Number: 9713421185
Escalation Level 3:
Mahaveer Devannavar (General Manager)
Email ID: mahaveer@somaiya.edu
Mobile Number: 9819986501
5.3 Incident Response and Management during Security Breaches:
Reporting an outage:
Report security breaches to the Department of IT
Safety Procedures:
In case of a security breach,
- Immediately involve the antivirus team and the SOC team to monitor the situation
- Take all affected equipment offline immediately, but don't turn any machines off until the forensic experts arrive
- Assess the risk and try to protect those affected
- Closely monitor all entry and exit points, especially those involved in the breach. If possible, put clean machines online in place of the affected ones
Checklist:
- Check the status of all servers and services on the antivirus console for infections, involving the endpoint SOC team
- Power off all infected devices with prior approval
- Involve the perimeter SOC team to verify and check all the policies and rules on the firewall
- Run scans on all critical devices
Escalation matrix:
During a security breach the team can reach the authorities below, in hierarchical order:
Escalation Level 1:
Deepak Pawar (Antivirus Executive)
Mobile Number: 9820990727
Email ID: deepak.lp@somaiya.edu
Escalation Level 2:
Ashutosh Awasthi (Senior Manager)
Email ID: ashutosh.awasthi@somaiya.edu
Mobile Number: 9713421185
Escalation Level 3:
Mahaveer Devannavar (General Manager)
Email ID: mahaveer@somaiya.edu
Mobile Number: 9819986501
6. DEFINITIONS
6.1 Security breach: A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.
6.2 Incident response: An incident response plan is a set of instructions to help IT staff detect, respond to, and recover from power outages, network failures, security breaches and similar incidents. These plans address issues like cybercrime, data loss, and service outages that threaten daily work.
7. FORMS/TEMPLATES TO BE USED
A standard template is used by the Department of Information Technology to record incidents.
8. CHANGE HISTORY
SOP No.        Effective Date    Significant Changes    Previous SOP No.
IT/xxx/x.x     30-07-2024        First version          N.A.