Create an incident response plan
An incident response plan outlines how an entity will respond to a fraud incident.
Why this countermeasure matters
Lack of an incident response plan may lead to:
- intelligence and investigation processes being uncertain or less effective
- poor decision-making and mistakes during the response
- increased financial and reputational damage
- less effective disruption and prosecution efforts.
How to put this countermeasure in place
Some ways to implement this countermeasure include creating incident response plans like:
- a Cyber Security Incident Response Plan
- a Data Breach Preparation and Response Plan
- an Incident Response Plan for serious cases of fraud or corruption.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasures by using the following methods:
- Confirm it is clear when the plan would be triggered.
- Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
- Confirm that the plan and documentation would be easily accessible when required.
- Confirm that the plan shows a timely and standard response to major incidents.
- Confirm that the plan clearly defines command and control structures for:
- actions, mitigations and remediation
- communication such as with staff or the public
- engagement with Ministers, stakeholders and partner entities.
- Confirm the plan remains up-to-date by checking that it assigns roles/accountability to current positions/divisions.
- Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
- Check that the plan is regularly reviewed/tested, including post-incident reviews.
This type of countermeasure is supported by: