Rapid Response Retainer Professional Service Description

Incident Response Plan Review

 

1.      Scope of Work.

1.1.   Incident Response Plan Review.  Verizon’s incident response plan review (the “Review”) will review and assess Customer’s current policies, processes and procedures, checklists, and workflow documentation (collectively, the “Plans”) related to Customer’s incident response (“IR”) program.  Verizon will focus the Review on Plans surrounding information technology (“IT”) security alerts and events that invoke Customer’s IR processes.

 

1.2.   Review Customer’s IR Documentation.  Verizon will review Customer’s documented policies, procedures, workflows, and any other documentation related to the Plans. Verizon will review the Plans against generally accepted industry practices for incident response.  The information that will be included in the Review will be grouped into the following six (6) categories:

·        Planning and preparation;

·        Detection and classification;

·        Collection and analysis;

·        Containment and eradication;

·        Remediation and recovery; and

·        Assessment and reporting.

 

The purpose of the Review will be to assist Customer in identifying gaps in Customer’s existing Plans, such as roles and responsibilities of IR stakeholders, escalation and communication processes, incident handling coordination measures, and other functions critical to executing an IR process.

 

1.3.   Project Management. Verizon will work with Customer to schedule a kickoff conference call to initiate the Project. Verizon and Customer will collaborate to set the agenda and determine required stakeholders and other attendees. During or before the kickoff call, Customer will provide a list of appropriate contact personnel with “after hours” emergency contact numbers, and appropriate on-site authorization documentation (where applicable). The output of the kickoff call will be an agreement on the resources, dates, times, and locations for the tasks described.

 

2.      Deliverables and Documentation to be produced by Verizon. Deliverables are intended for Customer and Verizon use only. Customer may disclose a Deliverable to a third party pursuant to the Agreement’s confidentiality terms.  Upon completion of the engagement, Verizon will produce a “Management Report” of observations from the Review, and provide recommendations designed to enhance, mature, or improve Customer’s IR capabilities.

 

3.      Documentation to be produced by Customer and Customer Obligations. Delivery of the Professional Services by Verizon is dependent on Customer’s performance of the following:

3.1.   Customer will appoint a single point of contact for coordination of the Project activities, for interaction with Verizon, and for ensuring smooth data flow and exchange of information required for execution of the Project within the agreed time frame; and

3.2.   Customer will be responsible for the actual content of any data file, selection, and implementation of controls on its access and use, and security of stored data.

 

4.      Assumptions. Delivery of the Professional Services by Verizon is predicated on the following assumptions and conditions:

4.1.   Customer is responsible for the implementation of any changes to documented processes and procedures, as recommended in the Management Report; and

4.2.   Professional Services will be performed during the hours as defined in the Engagement Letter.