INCIDENT RESPONSE PROCEDURE

1. Introduction

The effectiveness of our Incident Response Procedure is regularly reviewed and updated to adapt to new challenges in the cybersecurity or data breach landscape. Trust that we maintain an unwavering commitment to preserving the confidentiality, integrity, and availability of all data under our care.

2. Objective

The principal aim of this Incident Response Procedure is to establish a well-defined, organised approach for handling various types of security incidents, particularly those that threaten the confidentiality, integrity, and availability of organisational information assets.

3. Scope

This procedure applies to all employees, systems, and facilities at GrowMore, as well as any third-party collaborators, such as partners, with whom we share a professional relationship.

4. Incident Identification

4.1 Incident Detection

4.1.1 Automated Tools: Advanced monitoring tools actively scan for anomalies, suspicious activities, or unauthorised access.

4.1.2 Human Detection: Employees are trained to report unusual behaviour or patterns in the system.

4.2 Initial Assessment

4.2.1 Triage Team: Comprises experienced security analysts who assess the situation initially.

4.2.2 Criteria: Severity, impact, and urgency criteria are set to evaluate the nature of the incident.

5. Categorization and Prioritisation

5.1 Severity Levels

5.1.1 Classification Schema: Incidents are categorised as Low, Medium, High, or Critical based on a set of predetermined criteria.

5.1.2 Mapping: The level of severity is mapped to the corresponding response plan.

5.2 Prioritisation

5.2.1 Incident Scoring: A risk score is assigned to help prioritise incident handling.

5.2.2 Escalation Matrix: Incidents involving highly confidential information are escalated through an established hierarchy.

6. Response and Containment

6.1 Immediate Response

6.1.1 Incident Commander: Our Technical Lead acts as the CISO and serves as the Incident Commander who directs the response operation.

6.1.2 Task Forces: Cross-functional teams are deployed based on the nature of the incident.

6.2 Containment

6.2.1 Short-term Measures: Immediate steps are taken to isolate affected systems temporarily to contain the breach.

6.2.2 Long-term Measures: A more sustainable containment solution is implemented, ensuring system stability while the root cause is identified.

7. Notification

7.1 Internal Communication

7.1.1 Internal Alert System: An automated notification system informs key internal stakeholders.

7.1.2 Communication Plan: A detailed plan outlines who needs to be informed, when, and how.

7.2 External Communication

7.2.1 Client Notification: In cases involving exposure of confidential information or other security breaches, Clients will be notified within 72 hours in a manner that is consistent with legal and contractual obligations.

7.2.2 Regulatory Notification: If applicable, notifications will be sent to governmental or regulatory bodies within prescribed time frames.

8. Remediation and Recovery

8.1 Incident Analysis

8.1.1 Forensic Analysis: A detailed forensic investigation helps identify the root cause.

8.1.2 Post-Incident Review: After the incident is controlled, a comprehensive review is conducted.

8.2 System Restoration

8.2.1 Validation: Systems undergo a validation process to ensure they are clean before reinstatement.

8.2.2 Monitoring: Post-restoration, the systems are closely monitored for a specified period to ensure stability.

9. Documentation

9.1 Incident Logs

9.1.1 Chronology: A chronological log is maintained that captures all actions, decisions, and individuals involved.

9.1.2 Evidence Archival: Any relevant data or artifacts are securely archived for potential future investigations.

9.2 Report Generation

9.2.1 Executive Summary: A high-level summary for senior management.

9.2.2 Detailed Analysis: A comprehensive breakdown for technical teams, including recommendations for future enhancements.

10. Acknowledgement and Awareness

10.1 Policy Acknowledgment

10.1.1 All employees and key stakeholders must read and acknowledge their understanding of this procedure.

10.1.2 The policy acknowledgment will be documented and kept on record.

11. Policy Violations and Consequences

11.1 Violations of this Incident Response Procedure may result in disciplinary action, up to and including termination of employment.

11.2 Serious violations or deliberate attempts to compromise security will be subject to legal action.

This robust procedure not only reflects our unwavering commitment to security but also aligns with our overarching operational philosophy of integrity and excellence.