Question: Incident Response Time Compliance

We have a number of customers whose contracts specify different incident response time requirements. We would like to be able to quickly identify the response time requirements for all customers, and also link security incidents with each. What is the best way to accomplish this?

You can use the open and close incident date/time to accomplish this.

That makes sense for identifying compliance post-incident, but what about identifying compliance requirements for all customers prior to an incident?

We have a similar business need since we deal with multiple verticals, multiple governments in multiple countries and various data protection laws depending upon the country. Tracking the requirement to report an incident within XX days/hours is a requirement in some (but not all) of our contracts. And they are not always the same. There is the GDPR requirement to report within 72 hours. There is the U.S. government requirement to report within 24 hours. Some clients have requested 48 hours. It makes it hard to track when you have hundreds of possible contractual or legal liabilities. What we have done is to create a custom tab in our third parties section. In this tab we have custom fields for Contract begin date, Contract end date, Incident response requirement, Data retention requirement, Data localization requirement and Breach notification requirement. Each is a separate field. This allows you to do a custom filter on the field. For example, you can search on the field Breach Notification Requirement for an exact match of “24 hours” to find all clients you have entered that have this as a requirement. The hard part is ensuring that you are entering the requirements when you get the contract.
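The approach in this thread, as an added example that is not part of the original posts and not a feature of the product being discussed: a per-customer "Breach notification requirement" field is normalized to hours so that "48 hrs" and "2 days" match the same filter, customers with no requirement entered are flagged, and notification deadlines are computed from an incident's open time. The customer names, field values and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample register: one free-text "Breach notification requirement"
# value per customer, as it might be typed in from each contract.
CUSTOMERS = {
    "Customer A": "72 hours",
    "Customer B": "24 hours",
    "Customer C": "48 hrs",
    "Customer D": "2 days",
    "Customer E": "",  # requirement never entered from the contract
}

_UNIT_HOURS = {"h": 1, "hr": 1, "hrs": 1, "hour": 1, "hours": 1, "d": 24, "day": 24, "days": 24}

def requirement_hours(text):
    """Normalize a free-text requirement to hours; None if missing or unparseable."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]+)\s*", text.lower())
    if not m or m.group(2) not in _UNIT_HOURS:
        return None
    return int(m.group(1)) * _UNIT_HOURS[m.group(2)]

def customers_within(max_hours):
    """Customers whose notification window is max_hours or shorter."""
    return sorted(c for c, t in CUSTOMERS.items()
                  if (h := requirement_hours(t)) is not None and h <= max_hours)

def missing_requirements():
    """Customers whose field is empty or cannot be parsed (data-entry gaps)."""
    return sorted(c for c, t in CUSTOMERS.items() if requirement_hours(t) is None)

def deadlines(opened, affected):
    """Map each affected customer to its notification deadline, earliest first."""
    out = {}
    for c in affected:
        h = requirement_hours(CUSTOMERS[c])
        out[c] = opened + timedelta(hours=h) if h is not None else None
    return dict(sorted(out.items(), key=lambda kv: (kv[1] is None, kv[1] or opened)))

def met_deadline(opened, notified, customer):
    """True/False from incident open and notification times; None if no requirement."""
    h = requirement_hours(CUSTOMERS[customer])
    return None if h is None else notified - opened <= timedelta(hours=h)

if __name__ == "__main__":
    opened = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed incident open time
    print("48h or less:", customers_within(48))
    print("not entered:", missing_requirements())
    print(deadlines(opened, ["Customer A", "Customer B", "Customer E"]))
```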