| Step |
Responsibility |
Action |
| 1. |
Any User |
If any L&I User becomes aware of suspected or actual loss of PII, he or she must immediately contact the L&I CISO
RA-LI-OIT-DLICISO@pa.gov. |
| 2. |
CISO |
Notify the agency CIO, Communications and Press Office (CPO) and Deputy Secretary for Administration immediately after confirmation that a High or Critical level information security incident has occurred and an L&I incident tracking number has been assigned. |
| 3. |
CISO |
Coordinate incident with L&I and Office of Administration (OA) Enterprise Security. |
| 4. |
CISO |
Completes SSA PII Loss Reporting Worksheet. |
| 5. |
CISO |
Notify the United States Computer Emergency Readiness Team (US-CERT) within one hour of discovering the incident. |
| 6. |
CISO |
Must also notify the SSA Systems Security contact named in the Electronic Information Exchange Partner (EIEP) agreement.
- If L&I has been unable to make contact within 1 hour with that person the CISO must call SSA's National Network Service Center (NNSC) toll free at 877-697-4889 (select "Security and PII Reporting" from the options list). As the final option, in the event SSA contacts and NNSC both cannot be reached, the EIEP is to contact SSA’s Office of Information Security, Security Operations Center at 1-866-718-6425 The EIEP will provide updates as they become available to SSA contact, as appropriate. Refer to the worksheet provided in the agreement to facilitate gathering and organizing information about an incident.
|
| 7. |
CISO |
Provide updates as they become available to SSA contact, as appropriate. Refer to the worksheet provided in the EIEP agreement to facilitate gathering and organizing information about an incident. |
| 8. |
SSA |
Make determination if the risk presented by the breach or security incident requires the notification of the individuals whose information is involved and/or remediation action. |
| 9. |
L&I |
Perform identified remediation actions as outlined by SSA. |