The Healthy.io Incident Response process follows the following phases:
Identification – System and security alerts may be aggregated, correlated, and analyzed. Healthy.io IT operations investigate security events throughout Healthy.io. If an event indicates a security issue, they assign the incident a severity classification and appropriately escalate it within Healthy.io. This escalation will include product, security, and engineering specialists.
Containment – The Escalation team evaluates the scope and impact of an incident. The immediate priority of the Escalation team is to ensure containment of the incident and safety of the data. The Escalation team forms the response, performs appropriate testing, and implements changes. If the incident requires an in-depth investigation, the team collects content from the relevant systems using best-of-breed forensic software and industry best practices.
Eradication – After the Escalation team contains the situation, they move towards eradicating any damage caused by the security breach and identifying the root cause of the security issue which occurred. If the Escalation team determines that it is a vulnerability issue, they report it to product engineering.
Recovery – The system receives software or configuration updates during recovery and restores services to full working capacity.
Lessons Learned – The team analyzes each security incident to ensure the application of appropriate mitigations to protect against future recurrence.
Healthy.io has clearly-defined incident response plans and notification requirements if an event impacts a tenant.Healthy.io has developed its incident response program, plans, and procedures aligned with ISO/IEC 27001:2013 standards. An independent auditor has validated and certified that Healthy.io aligns with ISO/IEC 27001:2013 certification standards