Incident Response These questions are designed to determine if your IT service provider has a documented plan in preparation for a cyber or other incident. 1. Do you have documented incident response plans? a. How often are they updated? b. How often are they tested? c. Have you had any signi昀椀cant incidents in the past 12 months? i. Please explain 2. If you were to be hit by a ransomware attack, please describe (on a high level) the recovery process you would follow and how the attack could impact customers? a. What are the recovery time objectives? b. What is the continuity plan? 3. If you su昀昀ered a general cybersecurity incident, do you have clearly de昀椀ned and documented response steps in written form, not stored on your potentially impacted corporate assets? 4. Who owns the responsibility for the plan, response and is there a succession plan? 5. Do you have a quali昀椀ed crisis manager? Questions To Ask Your MSP | 12