Versions Compared

Version Old Version 7 New Version 8
Changes made by

Roxy Sanchez

Roxy Sanchez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleDoes your organisation have a process for employees, contractors, and suppliers to report suspected or known information security breaches and weaknesses?

Does your organisation have a process for employees, contractors, and suppliers to report suspected or known information security breaches and weaknesses?

We log every data breach or suspected data breach. We track the date, severity and resolution.

Upon becoming aware of a security incident an assessment must be made to understand if a data breach has occurred, and if so to what extent. The assessment is broken up into 2 stages: triage and investigation. The purpose of this is to ensure that appropriate mechanisms are in place to identify when a data breach has occurred with a proportional amount of resource. The objectives of this procedure are:

  • To identify if a data breach has occurred

  • To identify the nature of the breach (from where it originated and if malicious, erroneous, etc)

  • To identify the outcome of the breach (what has happened to the data - temporary/permanent loss, erroneous transmission to a trusted supplier, theft, accidental/malicious change)

  • To identify the categories of data subject affected by the breach (clients, employees, etc)

  • To identify the number of data subjects likely to be affected by the breach

  • To identify the categories of data affected by the breach

  • To identify if the data is likely to be used in a manner that could be detrimental to data subjects (risks to rights and freedoms)

  • To identify the classification of Commonplace in relation to the affected data (Controller or Processor)

  • To identify if a data breach needs to be reported to the ICO, Data Controllers or Data Subjects.

We also have a guidance document as part of our Information Security Management System.

More information: https://commonplace.atlassian.net/l/cp/3w860NLJ

Expand
title Does your organisation have a process for reporting information security breaches that affect your clients to them in a timely manner?

Does your organisation have a process for reporting information security breaches that affect your clients to them in a timely manner?

Upon becoming aware of a security incident an assessment must be made to understand if a data breach has occurred, and if so to what extent. The assessment is broken up into 2 stages: triage and investigation. The purpose of this is to ensure that appropriate mechanisms are in place to identify when a data breach has occurred with a proportional amount of resource. The objectives of this procedure are:

  • To identify if a data breach has occurred

  • To identify the nature of the breach (from where it originated and if malicious, erroneous, etc)

  • To identify the outcome of the breach (what has happened to the data - temporary/permanent loss, erroneous transmission to a trusted supplier, theft, accidental/malicious change)

  • To identify the categories of data subject affected by the breach (clients, employees, etc)

  • To identify the number of data subjects likely to be affected by the breach

  • To identify the categories of data affected by the breach

  • To identify if the data is likely to be used in a manner that could be detrimental to data subjects (risks to rights and freedoms)

  • To identify the classification of Commonplace in relation to the affected data (Controller or Processor)

  • To identify if a data breach needs to be reported to the ICO, Data Controllers or Data Subjects.

We also have a guidance document as part of our Information Security Management System.

...