Follow

Change Management & Notification Authorisation

RedShield maintains a record of who within your organisation is authorised to request and make changes. We also maintain a record of who should be notified for certain events that may occur. 

During onboarding this information is collected during the Service Integration Workshop.

Ensuring these records are up-to-date is important so that requests can be actioned in a timely manner and the approval and notification process is followed.

The following are the different authorisations that can be granted to one or more users associated with your RedShield service:

RedShield Portal Roles

RedShield Portal users can access and view data relating to their service and environment. Management of these users is performed by a RedShield Portal Admin user. 

The admin role grants the ability to create additional users within your organisation's tenancy. One or more of the following authorisations will also be required.

Primary Contact(s)

Primary Contacts are the first point of contact between RedShield and the customer. In the case contacts are not provided for some of the other required roles and authorisations, approvals and notifications will go to the Primary Contact.

Monthly Reporting

Logging and reporting is critical to ensuring Customers maintain awareness of changes in the threat environment, their attack surface, and the effectiveness of controls.

It can be used to demonstrate to management and business owners the risks being managed by RedShield and the business value provided by the RedShield service.

Users subscribed to the Monthly Report will receive it via email. 

Scan Notifications

You can nominate one or more users to be notified via email when vulnerability scans are completed. This will provide an overview of any newly identified vulnerabilities,  prompting to log into the RedShield Portal to view any specific scan details.

This should include any personnel / service providers involved in vulnerability management processes.

Change Notifications

You may elect to have users notified of changes for which they may not be directly involved in the approval process. User notification will be via email CC.

The change categories are:

  • Standard 
    • Low risk, such as traffic policy tuning or repeatable / automated jobs.
  • Normal / Planned
    • Typically a production change, or a change to an environment serving live traffic. A Change Request will be submitted for your CAB approval. Changes to be performed during agreed change windows.
  • Emergency
    • Non-standard, urgent changes. These may include post-change customer notification, if users opt-in (see below).

Incident Notifications

You may elect to have users notified of incidents for which they may not be directly involved in. User notification will be via email CC, or via phone if urgent notification is required.

The incident categories are:

  • Incident Notifications
    • Typically events where service availability or user impact is identified. This also includes False Positive resolution events.
  • Post Incident Notifications
    • These include outage resolution notifications and any relevant Root Cause Analysis documents produced by RedShield.

Change Approvals

It is recommended to elect one or more users to be able to authorise changes to be made to your service. If no users are defined, requests must originate from the Primary Contact or authorisation will be sought before changes are made.

The change categories are:

  • Standard
    • Low risk, such as traffic policy tuning or repeatable / automated jobs.
  • Normal 
    • Typically a production change, or a change to an environment serving live traffic. A Change Request will be submitted for your CAB approval if the change is raised by RedShield. Changes to be performed during agreed change windows.
  • Emergency 
    • Non-standard, urgent changes. Please note if you elect one or more users to this category they may be called at anytime (24x7) to approve a change to mitigate such things as a DDoS attack.
  • Commercial
    • Any changes that will incur additional costs require sign-off from an approved contact before the changes can be provisioned. 
  • User Management
    • Any user access or role authorisation change requests raised by a client on RedShield support 

Please submit any required changes to support@redshield.co

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments