We follow a rapid set of steps as soon as a security or data incident is identified. The high-level steps we follow in the event of an incident are as follows.
- We identify or are notified of a potential incident
- We investigate the situation
- We take appropriate action to contain the situation
- We recover systems, data and connectivity if disrupted
- We conduct further deep-dive investigation to identify whether there was in fact an incident or whether it was a false alarm.
- If a positive incident is confirmed, our Information Officer will report the incident to relevant internal stakeholders, and if necessary; customers, regulators and law enforcement.
- We carry out a post-incident review and conduct forensic analysis.
- We update information, controls and processes going forward to eliminate the threat of recurrence.