May 2019 - Issue 87

Annual Meeting of the Board of Directors

Executive Committee Appoints Marshall Goodman

California JPIA 24th Annual Risk Management Educational Forum Scholarship Opportunity

Effectively Managing Risk – City of La Quinta

Brown Act: The Importance Of Sticking To Your Agenda

Legislative Update

Understanding and Managing Valley Fever

Mandated Reporters at Your Agency

Cyber Incident Response Readiness

News: Worthy

Annual Meeting of the Board of Directors

By Jon Shull, Chief Executive Officer

One of the core qualities of the Authority—strength—is evidenced through its programs and services, and most importantly, its members. The diversity of the Authority’s membership and its significant contributions help shape the organization and ensure that the ideals on which the Authority was founded remain consistent in all that it does.

The Authority’s membership is governed by an appointed Board of Directors and an elected, nine-member Executive Committee. The Board of Directors consists of one representative from the legislative body of each member of the Authority.

“The Board of Directors is a vital aspect of the organization,” says Jon Shull, Chief Executive Officer. “Through the composition of our Board of Directors, elected officials from our member agencies, we ensure that the Authority remains a member-focused organization that makes decisions for the benefit of the entire membership.”

Responsibilities of the Board of Directors, which convenes annually, include approving amendments to the bylaws and joint powers agreement, electing members to the Executive Committee, and providing comment for the consideration of new members to the Authority.  “The Annual Meeting of the Board of Directors is an opportunity to provide transparency, exchange ideas, and acknowledge the value that members bring to the Authority,” says Shull.

This year, the Annual Meeting of the Board of Directors will take place at the Authority campus on Wednesday, July 17, 2019.  The Annual Meeting will include a presentation of information about the Authority’s objectives, vision, and accomplishments over the past year, including recognition of the winners of the 2019 Risk Management Awards.

On an annual basis the California JPIA asks members to certify designated California JPIA Director and Alternate(s) prior to the annual Board of Directors meeting. Registration for the Annual Meeting of the Board of Directors will open in June.  For questions or assistance please contact Veronica Ruiz, Agency Clerk.

News: Worthy

Executive Committee Appoints Marshall Goodman

Marshall Goodman, mayor of the City of La Palma, was appointed to the Authority’s Executive Committee on April 24, 2019. Marshall was appointed to fill the vacant seat of Committee Member Jennifer King, whose term on the Palos Verdes Estates City Council expired in March 2019.

“The California JPIA is pleased to welcome Marshall Goodman—our neighbor—to serve on the Executive Committee,” says Chief Executive Officer Jon Shull. “We look forward to the Authority’s benefiting from the reasoning, analytical ability, and consensus-building acumen that he has demonstrated as a leader here in La Palma.”

Goodman, elected to the La Palma City Council in 2016, has served the City as a council member, mayor pro tem, and mayor; and began his service as a member of the Community Activity and Beautification Committee. After joining the Board of Directors for the Authority in December 2016, he immediately was impressed by the content and tone of the educational programming.

“It was as if we were having a conversation rather than watching a presentation,” he says. “That orientation left a strong impression on me. I started asking around, and learned more about the Authority’s risk mitigation efforts, education, and training. That whole side of the story was what drew me to want to join the Executive Committee.”

Goodman—who also represents the City of La Palma as an alternate member and member of the boards of directors for the Orange County Sanitation District and the Orange County Mosquito and Vector Control District, and sits on the Housing, Community and Economic Development Policy Committee for the League of California Cities—says that bolstering the Authority’s educational programming will be a key priority in his new leadership role.

“The Authority’s educational component has influenced me so much, and I want to pay that forward to whomever may come after me in the same capacity,” he says.

Asked about his 30-second elevator pitch on the Authority, he begins with a summary—“a self-insurance risk pool and risk management organization”—then goes on to describe that, more than simply providing insurance, the organization offers educational opportunities to prevent exposure: “The risk mitigation and risk management presentations and speakers that the Authority puts on are just phenomenal.”

A professional musician, producer and songwriter for more than 25 years, Goodman is an alumnus of California State University-Long Beach, where he earned a bachelor’s degree in Africana studies with a minor in entrepreneurship and is pursuing a master’s degree in public administration.

“I am grateful to have this opportunity to work with such a well-operating, well-organized committee, with experienced members who share my commitment to listening and building consensus,” says Goodman, “and with a phenomenal staff that does such a great job and is so efficient, I just couldn't be more excited.” 

News: Worthy

California JPIA 24th Annual Risk Management Educational Forum Scholarship Opportunity

The California JPIA is awarding a limited number of scholarships to attend the 24th Annual Risk Management Educational Forum. 

The purpose of these scholarships is to assist members who are otherwise unable to attend the Forum due to financial constraints at their agencies.  The Executive Committee has authorized two nights lodging at the Hyatt Regency Indian Wells during the Forum for each scholarship recipient.

Scholarships will be awarded on a competitive basis, with priority generally given to first-time Forum attendees who are most deserving and would like to learn about applicable risk management best practices and tools to implement back at their agencies. 

To be eligible to receive a scholarship, an applicant must:

  • Be an employee of a member agency of the California JPIA
  • Obtain supervisor or management approval to attend
  • Attend the Forum in its entirety
  • Be able to pay for any other related costs, including transportation to and from the Forum

Please click here to complete the scholarship application.  Applications must be submitted no later than Wednesday, June 19, 2019.  Selected recipients will be notified by e-mail in July.

For questions about the Forum scholarships, please contact Abraham Han, Administrative Analyst.

Re: Members

Effectively Managing Risk – City of La Quinta

Public agencies face an uncertain and increasingly complex array of risks. The mission of those responsible for risk management is to identify, analyze, and evaluate risks and potential losses to a city as they relate to insurance coverage, safety, and claims.

Overall responsibility for risk management is found in different departments at different public agencies. While some agencies administer risk management within human resources, others administer the same functions within finance or the clerk/board secretary’s office. Each of these departments brings unique perspectives and expertise to the management of risk.

Further, while some agencies administer all risk management functions in one department, in other agencies risk management functions are divided. For example, liability claims may be handled through the clerk/board secretary’s office, while workers’ compensation claims and loss control may be handled through human resources. This division of risk management functions can create barriers to effective loss control and claims management.

The recent experiences of one Authority member, City of La Quinta, illustrate this point and provide a roadmap for how to navigate such challenges. Prior to 2016, the city’s risk management functions were administered by human resources. Staffing changes then resulted in management of liability and property exposures being transferred to the city clerk, while management of workers’ compensation and employee health and safety remained with human resources. Then, in mid-2018, due to more staffing changes, a decision was made to re-consolidate administration of all risk management functions under the umbrella of human resources.

According to Angela Scott, human resources and risk manager for City of La Quinta, the decision to move all risk management functions back to human resources was an easy one: “We realized that dividing risk management between two departments was not ideal. There is a lot of overlap between management of liability, property, and workers’ compensation exposures, so when the opportunity arose it made sense to consolidate those functions.” Scott also explains that taking advantage of Authority resources was key to a successful transition: “The consolidation included transferring the staff member responsible for risk management in the clerk’s office to human resources. The timing was such that we were able to send that individual to the California JPIA Risk Management Academy. That opportunity was critical in helping her learn about workers’ compensation and other related areas of risk management to which she had not been previously exposed.”

Consolidation of risk management functions also allowed the city to more efficiently address loss exposures. This is demonstrated by the city’s response to a recent risk management evaluation conducted by the Authority. Scott stated, “We created a master spreadsheet of action items and assigned those items by department. Human resources and risk management then worked with each department on completing their items. The spreadsheet is accessible by all departments so all staff can see the progress, or lack of progress, being made. This helps to keep departments accountable to one another.” Scott also explained that by prioritizing action items, the city was able to make incremental improvements to its risk management program. This included mitigating hazardous conditions and developing key policies, programs, and procedures.

If you have questions or would like more information about how to more efficiently manage risk at your agency, please contact your assigned regional Risk Manager.

The Court Report

Brown Act: The Importance Of Sticking To Your Agenda

By Chad W. Herrington, Denise S. Bazzano, and Thomas D. Jex, Burke, Williams & Sorenson, LLP

A recent Court of Appeal decision, Olson v. Hornbrook Community Services District, serves as an excellent reminder of the importance of preparing accurate agenda item descriptions, and the danger of taking action on an item that is not on the agenda.  In this case, Plaintiffs allege the District’s Board of Directors (the “Board”) violated the Brown Act (the “Act”) by failing to adequately describe on its agenda several items it acted on over the course of three District meetings, and for unreasonably limiting public comment. Plaintiffs sought to invalidate the Board’s resulting actions pursuant to section 54960.1 of the Act, but also to obtain a declaration to determine the applicability of the Act to the Board’s actions pursuant to section 54960.

The Facts: The Agenda Descriptions and Board Actions

In August 2016, the District included the following item on its meeting agenda: “RE: State Compensation Insurance Fund. Discussion, direction and possible motion to approve payment in the amount of $285.75 for quarterly premium due 8/25/16 for rating period 7/29/16 – 7/29/17.”  During the meeting, the District changed and approved the amount of the payment in question.  For its September 2016 meeting, the District included the following item on its consent agenda: “Approve bills and authorize signatures on Warrant Authorization Form for” various bills listed in the agenda.  At the meeting, when the consent agenda came up for discussion, the District secretary announced that she had received an additional bill from AT&T that she wanted to add to the agenda as a consent item. The Board approved the consent item with the added payment.  For its January 2017 meeting, the District included the following item on its consent agenda: “Approve bills and authorize signatures on Warrant Authorization Form for District expenses received through January 24, 2017.” The agenda did not list specific bills or amounts to be paid or warrants to be authorized. The Board approved the consent item.

Adequacy of Agenda Descriptions and Nullification under Section 54960.1

After sending cease and desist letters to the District and receiving no response, Plaintiffs filed suit and sought to nullify the District actions based on its alleged failure to adequately describe these matters in the agenda. The Court of Appeal noted that to achieve substantial compliance with the Act and avoid nullification pursuant to section 54960.1 of the Act, agenda drafters must give the public a fair chance to participate in matters of particular or general concern by providing the public with more than mere clues from which they must then guess or surmise the essential nature of the business to be considered by a local agency. With regard to the August 2016 agenda, the court found that the amount of the payment, which was listed incorrectly in the agenda, was a technical error. Those who were interested in the payment had notice that it was going to be discussed, could attend and act upon it at the District’s August meeting, and would have been able to participate in the Board’s action regardless of the amount to be paid. The essential nature of the Board’s action was communicated and did not prevent public participation that would have otherwise occurred had the amount been accurately described. Similarly, with regard to the January 2017 agenda, the court found that the description left no confusion as to the essential nature of the District’s action, which was to approve bills and authorize signatures for all expenses in the District received through January 24, 2017. Those interested in the District’s expenses would know from the agenda description that they needed to attend the meeting to participate in that discussion and action.

As to the September 2016 agenda, the court found that the District did not substantially comply with the Act. Contrary to the agenda description for January 2017, on the September 2016 agenda, the Board indicated it would be approving a specific and exhaustive list of payments. Those interested in payments not listed, like the AT&T payment that was added at the time of the meeting, would not know to attend the September 2016 meeting, so they would not be able to comment on the subject. Accordingly, the court found that Plaintiffs had stated a cause of action under section 54960.1 in their complaint challenging the District’s September 2016 agenda description. However, the Court of Appeal made no holding as to whether the action was proper under 54954.2(b)(2), which permits a legislative body to take action on items of business not appearing on the agenda based on specific findings. Nor did the court make a determination on whether prejudice existed to nullify the Board’s action.

Declaratory and Injunctive Relief Under Section 54960

Plaintiffs also sought relief pursuant to section 54960 to obtain a declaration and injunction from the court to force the District to comply with the Act in the future and admit it had not complied with the Act in the past. The Court found that unlike a cause of action under 54960.1 to nullify a prior legislative action, a local agency’s substantial compliance with the Act does not bar a plaintiff from obtaining declaratory or injunctive relief. Thus, in the case of the August 2016 agenda, while this description substantially complied with the Act and the Board’s action could not be nullified, the court did not find that it complied with the Act as contemplated in section 54960 because the local agency took an action different from the action described on the agenda. Those interested in this item would know to attend the August 2016 meeting to participate in the Board’s action; however, those interested in the particulars of the Board’s action may be persuaded not to attend the meeting in reliance on the agenda’s statement regarding the amount of the proposed payment. Accordingly, the court found that Plaintiffs stated a cause of action in their complaint challenging the District’s August 2016 agenda under section 54960 for declaratory and injunctive relief.

Validity of Public Comment Policy

Lastly, Plaintiffs challenged the District policy of limiting public comment on items described in the agenda to the time when those items are being considered by the Board as being in violation of the Act. However, the Court of Appeal found that it was not an unreasonable regulation. It ensured the Board had a clear and complete understanding of the public concern regarding an item of business on the agenda at the time that item was to be transacted or discussed. Because the District provided the public comment periods required by the Act and its restrictions regarding those comment periods were reasonable, Plaintiffs have failed to allege a violation of section 54960 based on the District’s public comment policy.

Legislative Update

By Abraham Han, Administrative Analyst

The California State Legislature continues to have a busy legislative session in 2019. This month’s legislative update highlights a handful of bills related to workers’ compensation that are expected to have a significant impact on members.

The Authority provides this update to member agencies and partners to ensure familiarity with the impact of Sacramento’s actions on our day-to-day local government operations. The Authority’s legislative advocacy efforts are regularly coordinated with the California Association of Joint Powers Authorities and the League of California Cities.

Please note that bills are subject to amendments and revisions that can significantly change the meaning of the bill over time.  The Authority will continue to provide updated positions on key bills to members and partners.

AB 5 (Gonzalez). Worker status: independent contractors.

Position: Oppose
Summary: Current law, as established in the case of Dynamex Operations West, Inc. v. Superior Court of Los Angeles (2018) 4 Cal.5th 903 (Dynamex), creates a presumption that a worker who performs services for a hirer is an employee. Current law requires a three-part test (also known as the “ABC” test) to establish that a worker is an independent contractor. This bill would state the intent of the Legislature to include provisions within this bill that would codify the decision in the Dynamex case and clarify its application.

AB 9 (Reyes). Employment discrimination: limitation of actions.

Position: Oppose
Summary: This bill would extend the period to file a complaint for discrimination or harassment out to four years from the occurrence. There is concern because the bill extends beyond only sexual harassment claims, which was the impetus for the bill. Furthermore, this bill is currently written in a manner that could make it difficult for public entities to have the opportunity to reserve funds and collect appropriate documentation. The overall concern is that this bill may create unnecessary litigation.

AB 218 (Gonzalez). Damages: childhood sexual assault: statute of limitations.

Position: Oppose
Summary: This bill would expand the definition of childhood sexual abuse, which would instead be referred to as childhood sexual assault. This bill would increase the time limit for commencing an action for recovery of damages suffered as a result of childhood sexual assault to 22 years (compared to eight years) from the date the plaintiff turns 18 or within 5 years of the date the plaintiff discovers or reasonably should have discovered that the psychological injury or illness occurring after the age of majority was caused by sexual assault, whichever is later.

AB 749 (Stone). Settlement agreements: restraints in trade.

Position: Oppose
Summary: This bill would prohibit an agreement to settle an employment dispute from containing a provision that prohibits, prevents, or otherwise restricts a settling party that is an aggrieved person, as defined, from working for the employer against which the aggrieved person has filed a claim or any parent company, subsidiary, division, affiliate, or contractor of the employer. The bill would provide that a provision in an agreement entered into, on, or after January 1, 2020, that violates this prohibition is void as a matter of law and against public policy. This bill would preclude an employer from prohibiting an employee that has engaged in unlawful or egregious conduct from seeking future employment with the same employer.

AB 932 (Low). Workers’ compensation: off-duty firefighters.

Position: Oppose unless amended
Summary: Multiple organizations, including the California Association of Joint Powers Authorities and the League of California Cities, oppose this bill unless it is amended to include local discretion and a limitation in the types of out-of-state situations that would be covered by the measure. In its current text, this bill does not acknowledge that the broad application of its provisions would lead to exposure to civil liability and major investigative difficulties by the local governments that employ the firefighters.

AB 1107 (Chu). Workers’ compensation.

Position: Oppose
Summary: This bill would preclude the use of utilization review for a serious chronic condition, cases where the employer previously authorized care, and cases where treatment is provided by a medical provider network (MPN) physician. This bill would eliminate utilization review for workers’ compensation in most circumstances and would likely eliminate the independent medical review (IMR) process. The bill was recently amended to include a provision for injured workers to pursue penalties for delays in treatment caused by the utilization review process.

AB 1286 (Muratsuchi). Shared mobility devices: agreements.

Position: Support
Summary: This bill would set minimum commercial insurance requirements for shared mobility device providers. Shared mobility devices are electronically motorized boards, motorized scooters, electric bicycles, bicycles, or other personal transportation devices that are not motor vehicles. This bill supports the notion that cities contracting with a shared mobility service provider should not have to bear the cost or assume liabilities incurred by the shared mobility service provider and a shared mobility device user.

SB 542 (Stern). Workers’ compensation.

Position: Oppose
Summary: This bill would provide that in the case of certain state and local firefighting personnel and peace officers, the term “injury” also includes a mental health condition or mental disability that results in a diagnosis of post-traumatic stress disorder (PTSD) or mental health disorder that develops or manifests itself during a period in which the firefighting member or peace officer is in the service of the department or unit. These provisions would apply to claims for benefits filed or pending on or after January 1, 2017.

SB 731 (Bradford). Workers’ compensation: risk factors.

Position: Support if amended
Summary: Current law requires a physician who prepares a report addressing the issue of permanent disability due to an industrial injury to address the cause of the permanent disability in the report, including what approximate percentage of the permanent disability was caused by other factors before and after the industrial injury, if the physician is able to make an apportionment determination. This bill would prohibit consideration of race, religious creed, color, national origin, age, gender, marital status, sex, sexual identity, sexual orientation, or genetic characteristics to determine the approximate percentage of the permanent disability caused by other factors.

The Authority will continue to monitor these bills and others as the legislative session continues.

If you have any questions, please contact Abraham Han, Administrative Analyst.

Risk Solutions

Understanding and Managing Valley Fever

By Tim Karcz, Senior Risk Manager

With summer approaching, California JPIA members should be aware of their potential exposure to Valley Fever, a respiratory condition caused by a microscopic fungus known as Coccidioides immitis. This fungus lives in the top 2 to 12 inches of soil in many parts of the state, with the highest rates of exposure being in the Central Valley and the Central Coast. When contaminated soil is disturbed by activities such as digging, grading, vehicle operations on dirt roads, or high winds, fungal spores can become airborne and potentially be inhaled by workers. Many people who are exposed never have symptoms, while others experience flu-like symptoms (fever, headaches, aches in upper body and legs) that usually go away on their own after a few weeks. If symptoms last more than a week, medical attention should be sought.

Valley Fever can be managed and prevented through a formal Respiratory Protection Program, in conjunction with taking the following steps to reduce worker exposure in areas with high incidence rates:

  1. Minimize the area of soil disturbed
  2. Use water, appropriate soil stabilizers, and/or re-vegetation to reduce airborne dust
  3. Stabilize all spoils piles by tarping or other methods
  4. Clean tools, equipment, and vehicles before transporting offsite
  5. Provide air-conditioned cabs for vehicles that generate heavy dust and make sure workers keep windows and vents closed
  6. Suspend work during heavy wind
  7. If workers’ clothing is likely to be heavily contaminated with dust, provide coveralls and changing rooms, and showers where possible.

Encourage workers to report Valley Fever symptoms promptly to a supervisor and to follow agency procedures for reporting a work-related injury.

Information on Valley Fever is offered through the California JPIA’s Respiratory Protection Training program, available at Additional resources can be found from the Centers for Disease Control and Prevention (CDC):

For more information, contact your regional Risk Manager.

Risk Solutions

Mandated Reporters at Your Agency

By Maria Galvan, Risk Manager

Nearly 700,000 children are abused in the United States annually.[1] According to the National Institute on Aging, nearly one in ten adults over the age of 60 are abused, neglected, or financially exploited.[2] Orange County Social Services states that the full scope of elder and dependent abuse is limited due to the problem's hidden and complex nature; over 225,000 Californians become victims each year.[3] In order to protect children, the elderly, and dependent adults from abuse and neglect, there are laws in place requiring individuals to report known or suspected instances of abuse or neglect.

The Child Abuse and Neglect Reporting Act, or CANRA, (California Penal Code, Sections 11164-11174.3) requires employees who may have direct contact with or supervision of children (under the age of 18) in the course of their professional duties to report known or suspected child abuse or neglect.  Similarly, under California’s Elder Abuse and Dependent Adult Civil Protection Act (EADACPA or the “Elder Abuse Act”), Welfare and Institutions Code Sections 15600 et seq., employees of public facilities that provide care or services for elder or dependent adults in the course of their professional duties are required to report known or suspected abuse of dependent or elder adults. Failure to fully comply with CANRA and the Elder Abuse Act reporting requirements subjects a mandated reporter to criminal and civil penalties.

A complete list of positions defined as mandated reporters (for child abuse and neglect) under the law is provided in California Penal Code, Section 11165.7(a). Welfare and Institutions Code Section 15610.17 provides a complete list of positions defined as mandated reporters (for elder and dependent adult abuse and neglect) under the law. Most members have one or more classifications meeting the definition of a mandated reporter, such as police and fire, code enforcement, childcare, parks and recreation, and senior center personnel. Thoroughly reviewing the lists of positions and identifying your agency’s mandated reporters is advised.

With regard to volunteers, CANRA does not identify volunteers whose duties require direct contact with and supervision of children as mandated reporters (except, as provided in paragraph (35) of subdivision (a), an employee or volunteer of a Court Appointed Special Advocate program), but encourages volunteers to receive training in the identification and reporting of child abuse and neglect and further encourages reporting of known or suspected instances of child abuse or neglect. The Elder Abuse Act differs, as it states that any person who has assumed full or intermittent responsibility for the care or custody of an elder or dependent adult, whether or not he or she receives compensation, is a mandated reporter.

Recently, the Authority received an inquiry about contract tutors and instructors. Contracted tutors may fall under Section 11165.7 (a) 8 of CANRA if they are employees of a public or private organization who have been assigned under contract to perform work for an agency as part of their duties. Some of the definitions of mandated reporter apply regardless of the type of employing entity involved or the specifics of the duties. For example, Section 11165.7(a) states “a teacher.” At a minimum, this would include anyone who provides instruction in a classroom setting, such as a dance, craft, or sports instructor. Ultimately, the law is clear that the obligation to report is an individual requirement. If a person has already been designated a mandated reporter elsewhere, that designation may carry the reporting obligation over to contract work. Members can choose to offer contractors the opportunity to attend mandated reporter training that is offered to employees as long as it is clearly stated in writing and verbally that the training opportunity does not change their status as contractors. Members can also encourage contractors to report reasonable suspicion of abuse to the appropriate agency. Consulting with legal counsel on your agency’s decision is recommended.

The Authority is committed to assisting member agencies and employees in following the requirements and understanding responsibilities under the law. Mandated Child Abuse and Neglect Reporting and Mandated Elder and Dependent Adult Abuse and Neglect Reporting policy templates are available at The policy templates are intended to identify employees who are required to report child, elder, or dependent adult abuse under the law, set forth the timeline and procedures for making reports, identify safeguards for reporting parties, identify penalties for failing to comply with reporting obligations, and establish additional obligations of the member and its employees and volunteers.

The Authority also offers instructor-led mandated reporter training. To schedule training, please contact Michelle Aguayo, Training Coordinator.

Free general, childcare, and law enforcement child abuse mandated reporter training is available through the Child Abuse Mandated Reporter Training Project, funded by the California Department of Social Services (CDSS) and Office of Child Abuse Prevention. An e-learning training for elder and dependent adult abuse can be found on the CDSS website. CANRA strongly encourages training, but it is only required for certain educational agencies and childcare providers. The Elder Abuse Act and Welfare and Institutions Code only require training if the employer is a hospital/healthcare/residential facility or a financial institution.

As a best risk management practice and to ensure that employees understand their responsibilities under the law, the Authority recommends that all mandated reporters receive training. If you have questions, please contact your assigned risk manager.




Coverage Matters

Cyber Incident Response Readiness

By Jim Thyden, Insurance Programs Manager

The Authority provides all members with cyber coverage in the Cyber Liability Program. So, what does it mean to be ready for a cyber incident? The article below raises some key concepts, and also contains a link to the United States Department of Justice (DOJ) “Best Practices for Victim Response and Reporting of Cyber Incidents” (Guidance).

Republished with permission from ePlace Solutions, a business partner of the California JPIA. 

Get “Incident Response” Ready with Help from the DOJ

Being ready and able to effectively respond to a cyber incident is vital in terms of minimizing the resulting damages, but do you know what to do or where to look for assistance?

An effective response means having a plan before a cyber incident occurs. To help with your incident response planning efforts, the U.S. Department of Justice (“DOJ”) recently released a revised version of its “Best Practices for Victim Response and Reporting of Cyber Incidents” (Guidance). The DOJ’s Guidance was based on the real-life lessons learned by federal officials with input from private companies who managed cyber incidents.

The Guidance consists of four sections:

  • Steps to Take Before a Cyber Intrusion or Attack Occurs
  • Responding to a Cyber Incident: Executing Your Incident Response Plan
  • What Not to Do Following a Cyber Incident
  • What to Do After a Cyber Incident Appears to be Resolved

The Guidance includes added incident response considerations, including ransomware, cloud computing, and working with cyber incident response firms. While it was intended mostly for smaller organizations, the beneficial advice and recommendations can be applied to entities of all sizes. 

A Key Priority

A critical first step in incident readiness is getting leadership buy-in. Senior management and other governing bodies need to understand how cyber threats can disrupt an organization, compromise its business model, destroy its reputation, damage customer confidence levels, and cause other types of harm. Getting leadership buy-in early on will enable key individuals to make proper resource decisions and set priorities.

The Takeaway

The updated Guidance is part of the DOJ’s campaign to engage with the private sector on cybersecurity issues. While the Guidance does not have regulatory effect, it is a useful tool for organizations seeking to align their policies with today’s cyber best practices. Review these best practices and improve your cyber incident readiness today! 

If you have any questions, please contact Jim Thyden, Insurance Programs Manager.