From 90905f45fcb600dc15e2902702aec46db943b407 Mon Sep 17 00:00:00 2001 From: Brett Kyle Date: Mon, 25 Nov 2024 13:39:01 +0000 Subject: [PATCH] Update incident process From a recent incident review. Encourage video calls to mob on incidents. Give further example of a P4 incident. --- source/security/incidents.html.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/security/incidents.html.md b/source/security/incidents.html.md index e873723..56b743c 100644 --- a/source/security/incidents.html.md +++ b/source/security/incidents.html.md @@ -28,6 +28,7 @@ Additionally, consider if a given issue needs to be solved immediately or if the - Malicious code being shipped in govuk-frontend - Linking to a malicious resource in our documentation eg: a port of govuk-frontend that contains malicious code - A serious accessibility bug is shipped/discovered in govuk-frontend +- A majority of our GitHub PRs are failing ### Examples of things that are not incidents @@ -58,6 +59,8 @@ You should assign 2 roles to help manage the incident: Incidents are varied and can require different roles to resolve. You also may discover exactly which roles you need as the incident progresses. It's recommended to request roles on the team as you need them. +It is almost always helpful to hop on a video call with each other while dealing with an incident. + ### Start an incident report The incident team at this point should start an incident report so that they can keep track of the incident, its impact, its severity, a timeline of events and, once resolved, a list of actions taken out of an incident review. You can find a template for incident reports, as well as a record of all previous incidents by year, [in the INCIDENTS folder in the team drive](https://drive.google.com/drive/u/0/folders/1plXDUGFIoyzWubWNC9J_IjMiEN8eh9pO).