We consider incident management an event that affects the confidentiality, integrity or availability of assets. Whether insignificant or major, they are all referred to as incidents. We have a comprehensive incident management policy with associated processes that cover all aspects of information security.
Our staff are encouraged to report incidents no matter how trivial they may seem (even suspected) and those are logged for audit and tracking purposes. Corrective and mitigating actions are taken in all cases, lessons learned documented and where relevant the incident report is shared with the client.
Where appropriate, issues may be included on the Information Asset and Risk Database for further consideration or processes modified, and further awareness provided to staff where human error is determined as a root cause.
Where an incident involves or has a direct impact on a client, that client will be contacted as soon as the incident is identified to ensure any subsequent reporting by the controller can be fulfilled. The method of communication will depend upon the nature and severity of the incident.
We will provide the affected party with a comprehensive incident report that contains information relating to the incident, the timeline, actions taken, summary and any remediation required.
Data breaches
We consider data breaches within the remit of incident management as described above and do not have a separate process.
All breaches would be tagged as ‘Data Breach’ in order that the controller may notify the supervising authority if necessary, within the 72 hour window. Thereafter, the processes are as above.
We do not increase liability within contracts because of the amendment within the GDPR that makes processors equally liable for breaches they have caused. We do, however, ensure we have adequate cyber insurance coverage.
Need further support?
If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.