Last updated December 2024
This policy governs response actions when security, privacy, or operational incidents occur.
Customer Experience Platform
Scope
Applies to:
- Infrastructure
- Applications
- Customer data
- Voice and communication modules
Incident Categories
- Security breach
- Data loss
- Service disruption
- Unauthorized access
- Malware or virus detection
Response Objectives
- Minimize impact
- Restore service quickly
- Preserve evidence
- Notify stakeholders promptly
Roles
- Incident Response Lead
- Security Officer
- Engineering Team
- Compliance Officer
Reporting Workflow
- Detect
- Contain
- Assess severity
- Remediate
- Report root cause
- Implement controls
Notification Timeline
Customers are notified of material breaches:
- Within 72 hours (GDPR)
Within reasonable time (POPIA)
Breach Notification
We will notify the Controller within 72 hours of discovering a confirmed security incident.
Post-Incident Review
We document:
- What happened
- Impact
- Lessons learned
- Preventive measures
