Notifying Relevant Authority & Parties

Owned by Roxy Sanchez
Last updated: Dec 18, 2022 by leigh

Does your organisation have a process for notifying the relevant Authority and all relevant parties (e.g. data controllers) when a breach occurs?

Yes. As part of our ISO 27001 certified ISMS, we have documented Incident Management Procedures that include a Data Breach Reporting Procedure. This provides guidance around what must be understood what actions should be taken following a suspected breach. This includes when authorities and other parties should be notified.