PagerDuty Blog

Who Handles the Call?

In today’s integrated digital economy, the IT infrastructures at most corporations can no longer exist in silos. The overwhelming benefit of integration is the rapid development of new ideas and solutions. The unfortunate downside is that increased integration and connectivity also places our respective organizations at risk for cyber attacks, computer viruses, and infrastructure problems which affect us and the users we serve.

It is imperative that organizations invest in measures to secure their systems and safeguard their data and that of their customers. Organizations must also have a well-defined incident response plan in place before something happens. The hours following the detection of a breach or other customer-impacting incident shouldn’t include wasting time finding a person to head up a response team and determine who needs to be involved. What is needed is a comprehensive incident response plan, developed ahead of time as a holistic response, involving all key aspects of the company’s leadership.

How Comprehensive Does Your Team Need to Be?

When putting together an incident response team, it should obviously include representatives from IT Infrastructure, Development, and Quality Assurance. But there are a number of other functions which should be represented as well:

  • Company Leadership
  • Public Relations
  • Legal
  • Human Resources
  • Customer Service
  • Risk Management

An incident response team should be responsible for overseeing and directing an organization’s response to an incident, but they should also be tasked with reducing risk and preventing incidents before they happen. Formation of the team should focus first on developing an appropriate response plan, and then move toward implementing measures to prevent incidents from happening. Let’s look at each function to determine why and how different departments should be involved in preventing and responding to incidents.

Company Leadership

Buy-in from company leadership at the very highest levels is essential to the creation and successful operation of an incident response team. Buy-in will allow for proper support and ensure alignment with the team across all aspects of the organization. Leadership involvement is also key in the follow-up of any incident. Alignment of leaders and the business in response to an incident is critical to being effective and responding as quickly as possible.

Public Relations

Following an incident, the public relations representative will be the primary point of contact between the company and users. Key responsibilities in preparation for this are the development of comprehensive information-disclosure policies and working with other teams to develop responses to possible scenarios to specific types of incidents.


As the team responsible for overseeing contracts and company liability, Legal has a key role in developing a legal framework for employees and others who work with the company to ensure that reasonable measures are taken to protect the integrity of the company’s data and intellectual property. In the period immediately following an incident, Legal leads the efforts to determine company liability and ensure that legal obligations with respect to disclosure and notification are handled appropriately.

Human Resources

During the initial development of the incident response team, HR has the responsibility to ensure that the right people are in place, whether they come from within the company, or they’ve  been recruited outside the organization.

HR also has a responsibility to work with the other teams to develop employee policies surrounding access to sensitive data, as well as educating employees about those policies and enforcing them as necessary.

Customer Service

As an outward facet of the company, customer service teams are in a prime position to identify and report potential threats to the company, as well as create a clear line of communication on incident status to users. In addition, they should be familiar with existing information-disclosure policies, and understand when an incident should be escalated and to whom. Representatives should also be intimately aware of data security requirements and potential threats that they may face in working with external users.

Risk Management

Finally, the risk management team is responsible for working with the computer security team to develop and implement policies which outline best practices to identify and mitigate risks before they become incidents. They should also work with other teams to develop and conduct vulnerability assessments, as well as identify and monitor threat detection metrics to function as an early warning system for potential incidents.

Strong Defense Allows for an Effective Offense

Incident response isn’t just the responsibility of the IT Department. While IT does play a critical role in the response team, it is the concerted effort of all teams across an organization that allows for the appropriate, unified, and coordinated response to an incident. Once a company has developed a strong defensive strategy for handling incidents, they should then turn their focus towards identifying risks and mitigating them before incidents even occur.