SC.08 — Security Incident Management
System: AI Connectors Platform
Last updated: 2026-04-29
This document describes how the AI Connectors platform fulfils the SC.08 control category.
Control Attestation Table
| Control | Description | Status | Evidence |
|---|---|---|---|
| SC.08.01 | Set up a process to ensure that incidents are reported | Compliant | Incident response process documented in incident-response.md section 3 (Escalation Process) and section 4 (Contacts). All Medium+ severity incidents escalated to globalsecops@novonordisk.com. Detection channels defined in section 2. |
| SC.08.02 | If verified that an incident is occurring, take action | Compliant | Immediate escalation to Global Security Operations mandated in incident-response.md section 3 step 4. Containment actions by incident type defined in section 5. Evidence preservation procedures in section 6. |
Security Controls Reference
CTRL0537523 — SC.08.01: Set up a process to ensure that incidents are reported
Control Text: Set up a process to ensure that relevant IT security incidents, or suspicion of IT security incidents, are urgently sent for verification to technical personnel responsible for operating the IT solution.
Applicability: Basic IT security requirement.
Additional Description
IT solutions should, in their operational setup, include practices and processes for handling possible security events. Such processes should include:
- Escalation of possible security events to the Global Information Security team or to the help-desk to facilitate further investigation.
- Steps to prevent further proliferation of security compromises.
Possible security-related events should be sent to globalsecops@novonordisk.com as soon as possible.
Detailed Description
The AI Connectors platform fulfils this control through automated CloudWatch alarms and a structured incident reporting process that ensures all suspected security incidents reach technical verification personnel without delay. Detection occurs through automated monitoring (authentication failures, error spikes, HTTP errors) and manual channels (audit logs, CloudTrail, GitHub Security scanning), with all alerts classified by severity and escalated accordingly. All Medium and above severity incidents are immediately escalated to Global Security Operations at globalsecops@novonordisk.com for verification and investigation. The platform maintains comprehensive evidence preservation procedures and mandates post-incident reviews for continuous improvement.
Implementation Considerations
- incident-response.md §2 — detection channels and severity classification
- incident-response.md §3 — escalation process and workflow
- incident-response.md §4 — contact registry
- incident-response.md §6 — evidence preservation procedures
- incident-response.md §7 — post-incident review requirements
- logging-monitoring.md — automated detection infrastructure
CTRL0537528 — SC.08.02: If verified that an incident is occurring, take action
Control Text: If verified that an incident is an IT security incident, ensure escalation to Global Security Operations for investigation.
Applicability: Basic IT security requirement.
Additional Description
Once a security incident has been verified, escalate immediately to globalsecops@novonordisk.com.
Detailed Description
The AI Connectors platform fulfils this control by immediately escalating all verified security incidents to Global Security Operations at globalsecops@novonordisk.com, in parallel with incident-specific containment actions. Containment procedures are tailored by incident type (credential compromise, unauthorized access, data exfiltration, service outage) to enable rapid response while preserving forensic evidence through mandatory pre-remediation export of audit logs, CloudWatch Logs, CloudTrail events, and Azure AD sign-in data. All Medium and above severity incidents undergo mandatory post-incident reviews within five business days, with findings documented to drive continuous improvement and GDPR compliance for personal data breaches.
Implementation Considerations
- incident-response.md §3 — immediate escalation to Global Security Operations
- incident-response.md §4 — roles and responsibilities
- incident-response.md §5 — incident-specific containment procedures
- incident-response.md §6 — evidence preservation mandates
- incident-response.md §7 — post-incident review process
- logging-monitoring.md — immutable audit trail infrastructure