Register now: Why you’re (probably) doing service catalogs wrong
At Vanta, our goal is to nurture a positive security culture in everything we do—which is especially critical given that helping our customers improve their security and compliance posture starts with our own. Employees are the key to our security resilience, so we strive to build and support a strong culture of incident response in tandem.
Here’s what that means to us at Vanta:
To build and cultivate an active culture of incident response, let’s start with designing the program. First, you’ll want to think about your tooling (hint: we use incident.io!). Another critical component is recruiting, training, and supporting teammates who can help lead incidents—it’s helpful to mix both brand-new folks who bring new perspectives and long-time incident commanders who bring a wealth of past experience.
This includes deciding and documenting what it means to be an incident commander. Help your incident commanders understand their role, and keep that role consistent with a clear list of responsibilities and playbooks. It also helps to build out a lightweight training program for your incident commanders—including resources, timelines, expectations, and a structure for shadowing and reverse-shadowing—so that feedback mechanisms are built in before they’re ready to operate solo.
To foster an environment where your incident commanders are motivated to help mature your program, invite them to contribute feedback, whether asynchronously or through quick debriefs when needed. This supports a healthy environment where anyone can contribute their feedback, knowledge, and perspectives regardless of role or seniority. Examples of contributions could include things like refining severity levels and criteria, proposing revised steps, and streamlining processes.
When structuring rotations, keep an eye on the overall energy and scalability of your incident responders; after all, they have quite a bit on their plates already. As you grow and scale your rotation, assess your overall bench strength. Consider training new incident commanders, supporting existing team members, and potentially even designing tiers of responders who can serve as backups to one another and be paged for incidents of different severities, domains, and complexities.
Next, let’s talk about the launch phase for your program. Keep in mind that culture isn’t built overnight with only one action or communication. Nurturing strong cultures of security and incident response requires motivating and enabling your employees with every policy, communication, behavior, and interaction they have with your security and incident response teams.
Here are our suggestions for how to approach this:
Incidents can be stressful, so it helps to view incident response as a company muscle to exercise and strengthen over time. To know what to improve, we suggest measuring your overall incident response culture in ways that are meaningful to your organization. To check that employees know how to report a potential incident, start by looking at the number of internal searches, search hits, and keywords for incident response documentation, such as in a centralized wiki or hub.
To understand your current culture around filing incidents, look at incidents filed by severity level and any patterns with incident reporting—such as where incidents were filed and by which teams and orgs. For instance, how many filed incidents were closed as a false positive? If that number is zero, it may be a symptom that your employees aren't erring on the side of filing when in doubt.
And lastly, to help foster an environment where all employees can share their feedback, take a look at their questions, suggestions, and feedback around incident response for the depth of their engagement, the percentage of suggestions that have been implemented, and more. A lightweight internal survey can also help reveal shared observations and actionable recommendations for your overall program.
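The measurements described in the three paragraphs above can be computed from an export of your incident tracker. The script below is an added example, not code from Vanta's post or from incident.io; the incident record fields, the team roster, and the suggestion records are assumptions, and the sample data is constructed. It tallies incidents by severity, team, and filing channel, computes the false-positive rate, flags the two culture signals the text calls out (no false positives at all, and teams that never file), and computes the share of employee suggestions that were implemented.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass
class Incident:
    """One row of an assumed incident-tracker export."""
    id: str
    severity: str        # e.g. "sev1" (highest) .. "sev4"
    team: str            # team that filed the incident
    source: str          # where it was filed: "slack", "pagerduty", "email"
    false_positive: bool  # closed as a false positive?


# Constructed sample export (hypothetical incidents).
INCIDENTS = [
    Incident("INC-1", "sev1", "platform", "slack", False),
    Incident("INC-2", "sev2", "platform", "pagerduty", False),
    Incident("INC-3", "sev3", "security", "slack", True),
    Incident("INC-4", "sev3", "security", "email", False),
    Incident("INC-5", "sev4", "data", "slack", True),
    Incident("INC-6", "sev2", "platform", "slack", False),
]

# Assumed team roster; teams that appear here but never file are a signal.
ALL_TEAMS = ["platform", "security", "data", "frontend"]

# Constructed employee suggestions about the program, with implementation status.
SUGGESTIONS = [
    {"id": "S-1", "text": "add a sev4 tier for informational reports", "implemented": True},
    {"id": "S-2", "text": "shorten the declare form", "implemented": True},
    {"id": "S-3", "text": "auto-page the data on-call for data incidents", "implemented": False},
    {"id": "S-4", "text": "merge duplicate playbooks", "implemented": True},
]


def incident_metrics(incidents):
    """Counts by severity, team and filing channel, plus the false-positive rate."""
    total = len(incidents)
    false_positives = sum(1 for i in incidents if i.false_positive)
    return {
        "total": total,
        "by_severity": dict(Counter(i.severity for i in incidents)),
        "by_team": dict(Counter(i.team for i in incidents)),
        "by_source": dict(Counter(i.source for i in incidents)),
        "false_positives": false_positives,
        "false_positive_rate": false_positives / total if total else 0.0,
    }


def culture_signals(incidents, teams):
    """Return human-readable warnings about reporting culture, in a fixed order."""
    m = incident_metrics(incidents)
    signals = []
    # Zero false positives across a non-empty history suggests people are not
    # filing when in doubt (the text's own heuristic).
    if m["total"] > 0 and m["false_positives"] == 0:
        signals.append("no incidents closed as false positive; employees may not be filing when in doubt")
    # Teams on the roster that have never filed anything.
    missing = [t for t in teams if t not in m["by_team"]]
    if missing:
        signals.append("teams with no filed incidents: " + ", ".join(missing))
    return signals


def suggestion_adoption_rate(suggestions):
    """Fraction of employee suggestions that were actually implemented."""
    if not suggestions:
        return 0.0
    return sum(1 for s in suggestions if s["implemented"]) / len(suggestions)


if __name__ == "__main__":
    print(incident_metrics(INCIDENTS))
    print(culture_signals(INCIDENTS, ALL_TEAMS))
    print(f"suggestion adoption: {suggestion_adoption_rate(SUGGESTIONS):.0%}")
```

Run it against a real export by replacing `INCIDENTS` with rows loaded from your tracker; the signals are deliberately coarse, since the point is to notice trends over time rather than to grade any single quarter.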
To close, remember that building a culture of incident response, like security, takes ongoing support and investment—we’re never quite finished, and we’ll continue learning from one another along the way.
Vanta is trusted for continuous security monitoring and compliance by thousands of established companies. Learn more about how Vanta can revolutionize your security.