This guideline describes how a security incident that has an impact on personal data is communicated to IPERA partners and customers.
Step 1: Incident Identification
When a security incident is identified or reported, our Incident Response Team immediately classifies it based on severity and potential impact on clients.
Step 2: Customer Notification Timeline
- For incidents impacting personal guest data or service availability, IPERA Partners and Clients are notified within 24 hours of detection, as per our Incident Response Policy.
- Notifications include initial findings and any immediate measures clients may need to take.
Step 3: Notified Customer Personnel & Channels
IPERA uses email alerts to notify all tenant admin users defined in the IPERA system.
Step 4: Incident Details
- The IPERA notification message includes:
  - A description of the incident.
  - The scope of the impact (systems/data affected).
  - Actions we are taking to mitigate the issue.
  - Recommended actions for clients (if applicable).
- A detailed incident report is provided after the resolution, including root cause analysis and preventive measures.
Step 5: Ongoing Updates
IPERA provides regular updates on the incident until it is fixed, including the expected timeline for resolution.
Step 6: Post-Incident Communication
- After the incident is resolved, IPERA provides:
  - An Incident Summary Report, including root cause analysis and steps taken to prevent recurrence.
  - Guidance on any recommended actions clients should take (if any).
Step 7: Compliance with Standards
Our incident response procedures comply with industry standards and frameworks such as ISO 27001, GDPR, or SOC 2, ensuring transparency and accountability in client communications.
Step 8: Proactive Measures
Regular incident response drills and tabletop exercises are conducted to ensure preparedness for handling and communicating security incidents effectively.