SFC: Incident Response | Security Alliance — Security Checklist

Detection, response procedures, communication, containment, recovery, and post-incident review.
Org:
Owner:
Date:

1. Governance & Team Structure

  • IR Team and Role Assignments
    Do you have an incident response team with clearly defined roles and responsibilities?
  • Stakeholder Coordination and Contacts
    Do you maintain current contacts and coordination procedures for all parties needed during an incident?
Notes:

2. Monitoring, Detection & Alerting

  • Monitoring Coverage
    Do you maintain monitoring coverage for your critical systems, protocols, and external attack surfaces?
  • Alerting, Paging, and Escalation
    Do you have alerting and paging systems that reliably route incidents to available responders?
  • Logging Integrity and Retention
    Do you maintain tamper-evident logs with adequate retention for incident investigation?
Notes:

3. Response & Emergency Operations

  • Response Playbooks
    Do you maintain response playbooks for common incident types?
  • Signer Reachability and Coordination
    Can you reach enough signers to execute emergency on-chain actions at any time, including outside business hours?
  • Emergency Transaction Readiness
    Do you have backup signing infrastructure and pre-prepared emergency transactions for critical protocol functions?
Notes:

4. Communication & Coordination

  • Incident Communication Channels
    Do you maintain secure, dedicated communication channels for incident response?
  • Internal Status Updates
    Do you have procedures for providing regular status updates to stakeholders during incidents?
  • Public Communication and Information Management
    Do you have procedures for public communication and information management during incidents?
Notes:

5. Testing & Continuous Improvement

  • IR Drills and Testing
    Do you conduct regular incident response drills and evaluate the results?
Notes: