RACI Matrix

Description of the RACI matrix in Annexure D

The RACI (Responsible, Accountable, Consulted, and Informed) matrix defines the roles and responsibilities between a Managed Security Services Provider (MSSP) and a Regulated Entity (RE) in a security operations context.

Understanding RACI Roles:

  • R (Responsible): The entity that performs the task.

  • A (Accountable): The entity that is ultimately answerable for the task and ensures it is completed.

  • C (Consulted): The entity that provides input, expertise, or recommendations before the task is completed.

  • I (Informed): The entity that receives updates on task progress or outcomes.

Sl.No

Capabilities / Activities

MSSP

RE

1

Service Delivery / Metrics/ SLA Review & Reporting

R,A

A

2

Adherence to SLA

R, A

R,A

3

Provide a List of Log sources to be integrated with MSOC/EDR

C,I

R, A

4

Log Baselining sharing

R,A

C, I

5

HLD document with details of the security solutions currently in place

C,I

R, A

6

Technical issues and Troubleshooting of MSOC

R,A

I

7

Implementation and management of SIEM/Ticketing Tool

R, A

I

8

Storage and hardware required for log retention (6 Months online & 18 Months offline)

R, A

R, A

9

Role Matrix and Escalation Matrix

R, A

R, A

10

Deploy necessary cybersecurity solutions as applicable to the RE environment as per SOW

C,I

R, A

11

Log Baseline implementation

C,I

R,A

12

Configuration Management, VAPT, Patch Management.

C,I

R, A

13

SIEM/EDR Platform Administration

R, A

C, I

14

Use Cases - Content Creation/Review/Modification

R, A

C, I

15

24x7 SOC Monitoring & Alert Analysis

R, A

C, I

16

Incident Detection

R, A

C, I

17

Incident severity & priority assignment

R, A

C, I

18

Incident Notification

R, A

C, I

19

Incident Escalation

R, A

C, I

20

Incident response/investigation

C, I

R, A

21

Incident Resolution

C, I

R, A

22

Forensics (If applicable)

C, I

R, A

23

Root Cause Analysis

C, I

R, A

24

Incident Review and Closure

A, C

R

25

Recovery of impacted Device/System/Process

C, I

R, A

26

Restoration from Archival/Backup

C, I

R, A

Detailed Explanation of Each Capability/Activity in the RACI Matrix:

  1. Service Delivery / Metrics/ SLA Review & Reporting

    • MSSP (R, A): The MSSP is responsible and accountable for preparing reports, tracking SLA adherence, and presenting service metrics.

    • RE (A): The RE acknowledges and acts based on these reports.

  2. Adherence to SLA

    • MSSP (R, A): Ensures SLAs are met in service delivery.

    • RE (R, A): Ensures SLAs are adhered to from their end (e.g., timely approvals, responses).

  3. Provide a List of Log Sources to be Integrated with MSOC/EDR

    • MSSP (C, I): Consulted for recommendations and informed about updates.

    • RE (R, A): Responsible and accountable for providing the list.

  4. Log Baselining Sharing

    • MSSP (R, A): Responsible and accountable for providing baseline logs.

    • RE (C, I): Consulted to confirm if the shared baselines align with their security needs and informed about changes.

  5. HLD Document with Security Solutions Details

    • MSSP (C, I): Consulted for feedback and informed about security design.

    • RE (R, A): Responsible for providing a High-Level Design (HLD) document listing security solutions in place.

  6. Technical Issues and Troubleshooting of MSOC

    • MSSP (R, A): Responsible for addressing SOC-related technical issues.

    • RE (I): Informed about technical troubleshooting progress.

  7. Implementation and Management of SIEM/Ticketing Tool

    • MSSP (R, A): Responsible for configuring and managing SIEM/ticketing tools.

    • RE (I): Informed about the implementation and management.

  8. Storage and Hardware for Log Retention (6 Months Online & 18 Months Offline)

    • MSSP (R, A): Responsible for ensuring proper storage and retention policies.

    • RE (R, A): Responsible for providing necessary storage and managing compliance.

  9. Role Matrix and Escalation Matrix

    • MSSP (R, A): Responsible for defining escalation procedures.

    • RE (R, A): Ensures the escalation framework aligns with organizational processes.

  10. Deploy Cybersecurity Solutions as per SOW

  • MSSP (C, I): Consulted to ensure best practices in deployment.

  • RE (R, A): Responsible for deploying and maintaining security tools.

  1. Log Baseline Implementation

  • MSSP (C, I): Provides recommendations.

  • RE (R, A): Implements and maintains log baselines.

  1. Configuration Management, VAPT, Patch Management

  • MSSP (C, I): Consulted for security configurations and informed about vulnerabilities.

  • RE (R, A): Responsible for applying updates, patches, and security configurations.

  1. SIEM/EDR Platform Administration

  • MSSP (R, A): Responsible for SIEM/EDR administration.

  • RE (C, I): Consulted on policies and informed about major changes.

  1. Use Cases – Content Creation/Review/Modification

  • MSSP (R, A): Develops and refines SIEM/EDR use cases.

  • RE (C, I): Consulted for specific requirements and informed about updates.

  1. 24x7 SOC Monitoring & Alert Analysis

  • MSSP (R, A): Monitors security logs and analyzes alerts continuously.

  • RE (C, I): Consulted on critical alerts and informed about security trends.

  1. Incident Detection

  • MSSP (R, A): Responsible for identifying security incidents.

  • RE (C, I): Consulted on detection parameters and informed about incidents.

  1. Incident Severity & Priority Assignment

  • MSSP (R, A): Assigns severity and prioritization of incidents.

  • RE (C, I): Consulted to validate criticality and informed about assigned severity.

  1. Incident Notification

  • MSSP (R, A): Notifies relevant stakeholders about incidents.

  • RE (C, I): Consulted on escalation needs and informed about ongoing incidents.

  1. Incident Escalation

  • MSSP (R, A): Ensures incidents are escalated as per protocol.

  • RE (C, I): Consulted on escalations and informed about incident progress.

  1. Incident Response/Investigation

  • MSSP (C, I): Consulted to assist in response activities.

  • RE (R, A): Responsible for managing and executing incident response.

  1. Incident Resolution

  • MSSP (C, I): Assists in remediation strategies.

  • RE (R, A): Ensures incidents are fully remediated.

  1. Forensics (If Applicable)

  • MSSP (C, I): Provides forensic expertise if required.

  • RE (R, A): Conducts forensic investigation where necessary.

  1. Root Cause Analysis (RCA)

  • MSSP (C, I): Consulted for insights into root causes.

  • RE (R, A): Responsible for conducting RCA and implementing corrective actions.

  1. Incident Review and Closure

  • MSSP (A, C): Accountable for documentation and consulted for closure verification.

  • RE (R): Final decision-maker for incident closure.

  1. Recovery of Impacted Device/System/Process

  • MSSP (C, I): Provides guidance on recovery strategies.

  • RE (R, A): Ensures systems are restored.

  1. Restoration from Archival/Backup

  • MSSP (C, I): Consulted for guidance.

  • RE (R, A): Responsible for restoring data from backups.

Key Takeaways:

  1. MSSP’s Primary Responsibilities:

    • SOC operations, including monitoring, alert analysis, and incident detection.

    • SIEM/EDR administration, use case management, and SLA reporting.

    • Supporting the RE in investigations, forensics, and incident response.

  2. RE’s Primary Responsibilities:

    • Security governance and compliance with internal/external policies.

    • Deployment of security solutions, log baseline implementation, and patch management.

    • Leading the incident response and resolution process.

  3. Shared Responsibilities:

    • SLA adherence, log retention, escalation matrices, and incident handling.

This RACI matrix ensures clear accountability between the MSSP and the RE, promoting efficient SOC operations, compliance, and faster incident response.

PreviousDigital Contract Signing ProcessNextUpdating Billing Information

Last updated