Does Zayo have a cybersecurity Incident Response Plan?
Yes. Zayo’s cybersecurity Incident Response Plan is in place and addresses the following:
- Identification of a cyber security incident
- Investigation of the situation (including triage)
- Taking appropriate action (e.g. containing the incident and eradicating its source)
- Reporting to relevant stakeholders
- Recovering from a cyber security incident
How often does Zayo review and update incident response plans?
Incident response plans are reviewed and updated at least annually.
Are tabletop exercises performed?
Yes. Tabletop exercises are performed with the following requirements:
- Tabletop exercises are based on emerging risks and threats
- Tabletop exercises involve stakeholders listed in an incident response plan
- Tabletop exercises involve senior management
- Lessons learned/improvement actions are documented after tabletop exercises
Has Zayo partnered with any incident response security vendors?
Yes. Zayo has partnered with incident response security vendors for the following purposes:
- Notification & Monitoring
- Breach Prevention
Do you have a documented incident response process and a dedicated incident response team?
Yes.
What is Zayo’s process for reviewing and exercising the resiliency plan?
Zayo continuously tests its resiliency protocols and exercises the plans annually and during real-world events that are managed and escalated appropriately.
What is Zayo’s process to ensure customers and external entities (such as government agencies) are notified of an incident when a product or service is impacted?
Customers and external entities are notified by email when an impactful incident occurs. Zayo is also implementing a system of notification in the online Trust Center.
Does Zayo have processes or procedures to recover full functionality, including integrity verification, following a major cybersecurity incident?
Yes.
Do you insure for financial harm from a major cybersecurity incident (e.g., self-insure, third party, parent company, etc.)?
Yes.
Does coverage include financial harm to Zayo customers resulting from a cybersecurity breach which has impacted your company?
Yes, to the extent of Zayo’s liability. Zayo is not the controller of customer data.