Printed from CheckTick DSPT Compliance Documentation
Cyber Security Tabletop Exercise: Post-Action Report
Date: [Insert Date] 2025
Participants: [SIRO Name] (SIRO), [DPO Name] (CTO)
Scenario Source: Based on NCSC Threat Intelligence (Supply Chain Vulnerabilities)
Scenario Overview
A simulated 'Critical' vulnerability was identified in our production environment (Northflank). The scenario evolved to include unauthorized database access and a demand for ransom.
Key Objectives Tested
- Role Clarity: Does the SIRO know exactly when to trigger the 24-hour notification? (Result: Success)
- Technical Access: Can the CTO access emergency backups if primary SSO is 'locked out'? (Result: Identified delay in hardware key retrieval)
- Communication: Testing the wording of the initial 'Flash Alert' to NHS Trusts. (Result: Refined template)
Lessons Learned & Action Plan
| Finding | Mitigation Action | Status |
|---|---|---|
| Emergency credentials took 15 mins to locate. | Centralized physical 'Break-Glass' kit created. | Complete |
| Initial alert was too technical. | Created a 'non-technical' summary template for Clinical Leads. | Complete |
| 72-hour ICO window understood. | Re-confirmed DSPT reporting tool login credentials. | Complete |
Signed: [DPO Name] (SIRO)
Date: 28/12/2025