Notifying Relevant Authority & Parties
Does your organisation have a process for notifying the relevant Authority and all relevant parties (e.g. data controllers) when a breach occurs?
Yes. As part of our ISO 27001 certified ISMS, we have documented Incident Management Procedures that include a Data Breach Reporting Procedure. This provides guidance around what must be understood what actions should be taken following a suspected breach. This includes when authorities and other parties should be notified.