The year 2025 has just begun and your crisis room is ready for whatever comes, right? Yes? No?
Well, if it is not yet available, or does not exist, you can still include the acquisition of some resources in the emergency budget. After all, it is a “crisis room”, and structuring your company’s is very important. Contracting good training for crisis room members and secure platforms for incident management, for example, should be seen as urgent actions.
And what is a crisis room?
It is an emergency meeting that is held when a security incident occurs. Here we are dealing specifically with information security incidents involving personal data.
The General Personal Data Protection Law (LGPD), Law 13.709/2018, does not require companies to maintain a crisis room, incident response or IT war room, whatever they wish to call it, in their structure, especially because its nature is ephemeral, but it is important to look carefully at Chapter VII of the LGPD.
This chapter discusses the security measures, good practices and governance that corporations must adopt, such as reporting incidents to the National Data Protection Authority (ANPD), which must be carried out following technical criteria assessed by the Data Protection Officer (DPO), especially the deadline and quality of the personal data affected.
If a cyber incident occurs in a company, for example, and an IT war room meets without including the DPO, there is a risk of compromising this technical assessment and even missing the deadline established by the Authority.
It is common to convene crisis rooms restricted to IT and Legal managers, in addition to the CEO and CFO; after all, someone needs to think about finances.
However, regardless of the segment and size of each organization, it is essential that the crisis room includes someone who will analyze and respond to the following issues related to the incident, whether from internal staff or a contracted consultancy:
- Human Resources;
- Legal;
- IT;
- DPO;
- Press Office;
- Audit;
- Financial;
- Marketing;
- Business area(s) directly involved, if any.
And the DPO, in a crisis room, has fundamental responsibilities that only he, as the Person in Charge, can fulfill, such as assessing whether the information security triad (CID: confidentiality, integrity and availability) of the personal data was affected. Was the authenticity of the data maintained? Was there any significant damage to the data? Was there technical mitigation? Are there operators involved? Are there sub-operators? And one of the most important: is there a need to communicate with the ANPD?
Ultimately, it is critical that war room members are on alert, because information security incidents do and will happen. They need to be able to fulfill their roles as in a fire brigade.
To understand the importance of a crisis room that works like a brigade, just remember what happened at the Pequeno Príncipe Children’s Hospital in Curitiba, PR, on the morning of October 31, 2023, as reported by the hospital itself: “The […] of the Hospital’s Emergency Brigade were once again decisive in the explosion. The team’s quick response ensured that the flames did not spread. The Fire Department was called and when it arrived there was no longer any risk.”