ReadyNine | [email protected] | 500 W. Madison Street, Suite 1000, Chicago, IL 60661 Incident Response These questions are designed to determine if your IT service provider has a documented plan in preparation for a cyber or other incident. 1. Do you have documented incident response plans? a. How often are they updated? b. How often are they tested? c. Have you had any significant incidents in the past 12 months? i. Please explain 2. If you were to be hit by a ransomware attack, please describe (on a high level) the recovery process you would follow and how the attack could impact customers? a. What are the recovery time objectives? b. What is the continuity plan? 3. If you suffered a general cybersecurity incident, do you have clearly defined and documented response steps in written form, not stored on your potentially impacted corporate assets? 4. Who owns the responsibility for the plan, response and is there a succession plan? 5. Do you have a qualified crisis manager?