Versions Compared

Old Version 29

changes.mady.by.user Bruno Belizario

Saved on

compared with

New Version Current

changes.mady.by.user Bruno Belizario

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties

Version

1.45

Owner

CTO

Last Updated On

02 Sep

Last Updated by

Bruno Belizario

Approved by

Sean Oldfield

Last Review

02 Sep

Subscribe to an RSS feed to be notified when we update the Incident Response Plan (note: you will need to cut and paste the "Subscribe to an RSS feed" URL into an RSS Feed Reader to monitor updates).

...

S1 - Critical Severity: S1 issues require immediate notification to Tech Team management.

 S2 - High Severity: A Trello ClickUp card must be completed, and the appropriate manager (see S1 above) must also be notified via e-mail or Google with a link to the card.

S3/S4 - Medium and Low Severity: A Trello ClickUp card may be created at the descretion of the incident responder and assigned to the appropriate department for response, except in the case of application regressions.

...

All reported security events, incidents, and response activities shall be documented and adequately protected in the Trello ClickUp Board specified in Appendix D. This includes, but it’s not limited to, associated evidence of the reported incident e.g. report e-mails or Google threads, and all remediation steps including required code/infrastructure changes, and subsequent customer communication.

...

Jurisdiction

Governing Legislation

Notifiable Authorities

New Zealand

https://www.legislation.govt.nz/act/public/2020/0031/latest/LMS23223.html

Office of the Privacy Commissioner

https://www.privacy.org.nz/responsibilities/privacy-breaches/notify-us/report-a-breach/

Australia

https://www.legislation.gov.au/Details/C2022C00361

Office of the Australian Information Commissioner

https://www.oaic.gov.au/privacy/notifiable-data-breaches/report-a-data-breach

ACT Public Sector

https://www.legislation.act.gov.au/a/2014-24/default.asp

Europe

https://gdpr-info.eu/

Local Supervisory Authorities:

https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-de

Appendix D - Incident Collection Form

We created a Trello ClickUp Board (https://trelloapp.clickup.com/b/nzjhbfqZ/incident-response-plan9016394710/v/o/f/90162861133) to manage the reported incidents. The Incident Collection Form was created inside a template card (https://trello.com/c/upReKW5E/1-incident-collection-form-template-title-goes-here) on this board.

Appendix E - GDPR Breach Procedures for Personally Identifiable Information (PII) of EU Residents

...