last sync: 2023-Nov-30 18:20:17 UTC

Azure Policy definition

Microsoft Managed Control 1362 - Incident Handling | Regulatory Compliance - Incident Response

Source Azure Portal
Display name Microsoft Managed Control 1362 - Incident Handling
Id 5d169442-d6ef-439b-8dca-46c2c3248214
Version 1.0.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description Microsoft implements this Incident Response control
Additional metadata Name/Id: ACF1362 / Microsoft Managed Control 1362
Category: Incident Response
Title: Incident Handling - Incorporation of Lessons Learned
Ownership: Customer, Microsoft
Description: The organization: Incorporates lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implements the resulting changes accordingly.
Requirements: As part of IcM, when an incident is resolved, service teams must provide a resolution. When the incident is addressed, the service team with the incident ticket assigned to them resolves the incident and provides the mitigation steps taken to resolve the incident. Service teams can also provide root cause information for optionally correlating the incidents within IcM. For all Severity 0, 1, or 2 incidents, a Post Incident Response (PIR) review is completed by the Security Response Team to determine root cause details and compile a report containing all lessons learned from the incident. The goal of these reviews are to: * Identify technical or communications lapses, procedural failures, manual errors, process flaws that might have caused the Availability Incident or that were identified with a formal PIR * Ensure technical lapses are captured and can be followed up with engineering teams in the form of bugs in their operational databases * Evaluate response procedures for sufficiency and completeness of operating procedures. Additionally, the Incident Manager is accountable for maintaining an inventory of all repair items, their owners, and completion dates. The PIR should contain the following: * Customer/Business Impact * Incident Severity * Root Cause Description * Repair items
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a