Skip to main content
Advisory

Advisory  Incident Response Policy

Date: 01/01/2025
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

The Incident Response Policy establishes the minimum security requirements that must be implemented to protect the Commonwealth’s information assets in the event of a cybersecurity incident, data breach, or other security compromise of the Commonwealth’s information assets.

Contact   for Incident Response Policy

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Skip table of contents

Table of Contents

You skipped the table of contents section.

Purpose

The purpose of this policy is to establish the minimum security requirements that must be implemented to protect the Commonwealth’s information assets in the event of a cybersecurity incident, data breach, or other security compromise of the Commonwealth’s information assets. This policy reinforces the Commonwealth’s commitment to an effective cyber incident response program, and outlines the framework, principles, and controls required to ensure the protection of the Commonwealth’s information technology environment.

Downloads   for Incident Response Policy

Open PDF file, 225.64 KB,  IS.005 Incident Response Policy (English, PDF 225.64 KB)

Contact   for Incident Response Policy

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Referenced Sources:
MGL Chapter 7D, Section 2

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback