Third-Party Breach Response Checklist
1. Initial Assessment
- Identify affected third-party vendor(s)
- Determine the scope and nature of the breach
- Review existing contracts and data processing agreements
2. Communication
- Notify internal stakeholders
- Contact the third party for the incident report and details
- Assess need for customer/partner notifications
3. Investigation & Containment
- Request incident timeline and remediation steps from the third party
- Review and analyze data potentially impacted
- Work with IT/Security to contain risk and prevent further exposure
4. Regulatory & Legal
- Assess legal and regulatory notification obligations
- Document actions taken and maintain records of communication
- Engage legal/compliance counsel as needed
5. Post-Incident Actions
- Evaluate third-party response and future engagement
- Update risk assessments and vendor management processes
- Debrief with team and update breach response plan
Notes