# Findings & Action Items — SC-A1 Cross-Tenant LLM Data Leak

**Exercise:** Q2 2026 Incident Response Tabletop
**Organisation:** Lumen.health (fictional)
**Date:** 14 May 2026
**Facilitator:** Priya Ramaswamy

> Scored against the scenario's success criteria, plus the action items the exercise surfaced. *Fictional content.* This is the artefact that gets filed as evidence (ISO 27001:2022 A.5.27, SOC 2 CC7.5).

---

## Scored success criteria

| Criterion | Result | Note |
|---|---|---|
| Incident declared ≤15 min of confirmation, named IC | ✅ Pass | Declared at 09:14, escalated to SEV-1 at 09:19. |
| Containment decision ≤30 min, blast radius acknowledged | ✅ Pass | 09:26; the org-wide feature loss was logged as a deliberate trade-off. |
| DPO made notifiability call; 72h clock start recorded | ✅ Pass | 09:41 call; clock anchored to 09:18 with documented rationale. |
| Customer-comms draft existed before the exercise ended | ⚠️ Partial | Holding reply drafted (09:33); a *breach-notification* draft to affected tenants was not finished in time. |
| A concrete "how we verified the leak is closed" step named | ✅ Pass | Cross-tenant retrieval probe gating re-enablement (10:08). |
| ≥3 remediation action items with owner + due date | ✅ Pass | 6 captured (below). |

**Overall:** 5 of 6 criteria met. The gap was breach-notification *drafting speed*, not the decision.

## What went well

- Fast, clean severity escalation with a clear single IC.
- The containment trade-off was made consciously and *recorded*, rather than defaulted into.
- The "re-enable on green probe, not on deploy" recovery gate is a genuinely good habit and should become standard.

## Action items

| # | Finding | Action | Owner | Due |
|---|---|---|---|---|
| AI-1 | Nobody had verified the feature flag disables *retrieval*, not just the UI. | Add a test asserting the kill-switch stops retrieval at the gateway; document it in the IR runbook. | Lukas Berg | 30 May 2026 |
| AI-2 | Gateway log retention (7 days) may be shorter than the bug's lifetime, limiting breach-scope analysis. | Raise cross-tenant access-audit log retention to 90 days; confirm what's needed for an Art. 33 scope determination. | Tom De Vries | 06 Jun 2026 |
| AI-3 | DPO reachability depended on her being in the room. | Add DPO + deputy to the on-call escalation tree with a documented out-of-hours path. | Priya Ramaswamy | 23 May 2026 |
| AI-4 | Breach-notification drafting was too slow under time pressure. | Pre-stage a GDPR Art. 33 notification template with the fields pre-mapped; add to the IR evidence locker. | Anne Verwoerd | 13 Jun 2026 |
| AI-5 | No standing "cross-tenant retrieval probe" tool existed; it was improvised. | Build the cross-tenant retrieval probe as a repeatable, scheduled check. | Lukas Berg | 27 Jun 2026 |
| AI-6 | Customer-comms holding reply was good but ad-hoc. | Add a "potential data incident" holding-reply template to the comms playbook. | Sofia Marino | 30 May 2026 |

## Runbook / procedure updates triggered

- **IR runbook §Containment** — add the kill-switch *retrieval* verification step (AI-1).
- **IR runbook §Notification** — link the pre-staged Art. 33 template (AI-4).
- **On-call escalation tree** — add DPO + deputy out-of-hours path (AI-3).

## Sign-off

- Incident Commander (Aisha Khan): **approved** — exercise complete, record accurate. 14 May 2026.
- Facilitator (Priya Ramaswamy): action items logged and assigned. Next tabletop scheduled for **Q3 2026** (target: a DR/recovery scenario).
