Legal

Privacy Policy

Complaints Procedure

Incident Response

We follow a rapid set of steps as soon as a security or data incident is identified. The high-level steps we follow in the event of an incident are as follows.

  1. We identify or are notified of a potential incident
  2. We investigate the situation
  3. We take appropriate action to contain the situation
  4. We recover systems, data and connectivity if disrupted
  5. We conduct further deep-dive investigation to identify whether there was in fact an incident or whether it was a false alarm.
  6. If a positive incident is confirmed, our Information Officer will report the incident to relevant internal stakeholders, and if necessary; customers, regulators and law enforcement.
  7. We carry out a post-incident review and conduct forensic analysis.
  8. We update information, controls and processes going forward to eliminate the threat of recurrence.