Incident Management
Owner: ALL Last revision: 04.01.2020
Objective
To prevent any event that has the potential to affect the confidentiality, integrity or availability of information belonging to Further Digital Solutions (C4WEB STUDIO SRL), in any format, or IT systems in which this information is held.
Examples of information security incidents can include but are not limited to:
- Accidental or deliberate disclosure of information to unauthorised individuals e.g. an email containing unencrypted high risk personal information sent to unintended recipients
- Loss or theft of paper or electronic records, or equipment such as tablets, laptops and smartphones or other devices on which data is stored
- Inappropriate access controls allowing unauthorised use of information
- Attempts to gain unauthorised access to computer systems, e.g. hacking
- Records altered or deleted without authorisation by the data “owner”
- Introduction of malware into a computer or network, e.g. a phishing or ransomware attack
- Denial-of-service or other cyber-attack on IT systems or networks
- Leaving IT equipment unattended while logged in to a user account, without locking the screen to stop others accessing information
- Audible discussion of confidential topics in public
Application
This policy applies to:
- All information created or received by Further in any format, whether used in the workplace, stored on portable devices and media, transported from the workplace physically or electronically or accessed remotely
- All IT systems managed by, or on behalf of, Further
- Any other IT systems on which Further information is held or processed
Responsibility
All users (including third parties) who are given access to Further information, IT and communications facilities have a responsibility to:
- Minimise the risk of vital or confidential information being lost or falling into the hands of people who do not have the right to see it
- Protect the security and integrity of IT systems on which vital or confidential information is held and processed
- Immediately report suspected information security incidents so that appropriate action can be taken to minimise harm.
The Technical Lead is responsible for reporting, investigating and taking appropriate action to address breaches of security.
The Managing Partner is responsible for reporting to and notifying all third parties or customers who have been affected by a breach of security. If a third party or customer wishes to remain anonymous, Further has the obligation to keep their anonymity.