Retainer agreement
Definition
A contract between an organisation and an external IR firm that guarantees a defined response time and service scope in exchange for a pre-paid monthly or annual fee. Retainers ensure the firm has pre-authorised access to the environment and is familiar with the organisation's architecture before an incident occurs.
Related terms
- CSIRT
- Computer Security Incident Response Team. The organisational unit responsible for preparing for, detecting, coordinating, and resolving security incidents. Sometimes called CERT (Computer...
- FIRST
- Forum of Incident Response and Security Teams. A global membership organisation that sets standards for CSIRT capability and facilitates trusted information sharing...
- Legal liaison
- The CSIRT role responsible for advising on legal obligations during an incident: evidence preservation requirements, breach notification deadlines, law enforcement engagement, and...
- National CERT
- A government-operated or government-designated team responsible for coordinating cyber incident information at the national level. Examples include CERT-In (India), CISA (US), NCSC...
- Team lead
- The person who owns the incident response process during an active incident. The team lead coordinates analyst tasks, manages escalation to leadership,...
Explained in
- Building a Computer Security Incident Response TeamA contract between an organisation and an external IR firm that guarantees a defined response time and service scope in exchange for a pre-paid monthly or annu...