Forensic Readiness Plan

Forensic Readiness Plan is a crucial element in assessing your organisation’s readiness to respond to a compliance requirement, a digital forensic investigation, or as part of an internal investigation. Is your organisation forensically ready?

How exactly do you become forensically ready?

The term ‘forensically ready’ relates to the ability to forensically examine your data so that you know;

  • where it actually resides.
  • who has accessed, copied or moved individual files.
  • that you are capable of conducting a forensic data audit in the event of a breach. 

This level of security can’t be handled with any one simple intrusion detection tools. What’s needed is a comprehensive cybersecurity platform to deliver the Privacy Impact Assessments as required.


A simple test can help you understand whether you’re ready and able to comply with these new measures. Ask yourself these four simple questions:

  • Do you know where all your data resides?
  • In the event of a breach, can you prove that all the correct processes and procedures are in place?
  • Have these processes and procedures been robustly tested and adjusted accordingly in a Business Continuity Stress Test?
  • Does your agency/department fully understand and follow the elements of good data handling practices?


The ability to audit your data will enable you to track the flow of sensitive data within your organisation and ensure that only authorised movement occurs.

  • Are you able to assess whether personnel have taken data with them when they move?
  • Are they authorised to do so?
  • Is data where it is supposed to be or allowed to be?


When unauthorised movement takes place, this can be flagged and corrective action can be taken. Have you costed out the financial price of non-compliance with data reporting requirements, e.g. increased legal fees related to the disclosure of an increased number of custodians? Investment in an effective data audit solution can reduce long term spending by eliminating the need for expensive third party consultants.

Are you able to manage the risk to your reputation if a data breach occurs? Public sector organisations handling data relating to the most vulnerable in society carry a burden of trust. Private sector organisations that suffer a data loss are likely to pay the price in loss of customers and a falling share price; public sector organisations may not suffer such tangible consequences directly, but the risk to their reputation and governance is as real.

Forensic Readiness – Five Key Guidelines

To have a robust Forensic Readiness Plan in place, organisations and departments need to be able to gather evidence on potential criminal activity or disputes legally and without causing disruption to day-to-day business.

This must also be done cost-effectively and in proportion to the incident

Some of the key elements of putting together a Forensic Readiness Plan (and becoming ‘forensically ready’) are:

  1. Define the business scenarios that require digital evidence. When is it appropriate to gather evidence and when is it not? 
  2. Identify sources of evidence and what sort of evidence it is. Make sure you have the resources to hand to look for it. 
  3. Know what you’re looking for before you go and look for it. Don’t gather too much or too little. Have a clear idea of what circumstances need to be in place to trigger a fuller investigation.
  4. Establish security and storage rules for the handling of evidence.  Keep an eye on the evidence once you have it – and make sure staff understand the consequences of not following these procedures.
  5. Provide a documented a real-world example that everyone can run through in advance.  Ensure that all parties, including legal, are confident that the processes in place are correct.