top of page

< Back to policies

Security and Incident Management

 

Panacea Software Security Incident Management Policy

 

Definition of security incident:

Any change in the everyday operations of our information technology service, indicating that Panacea’s Terms of Use (https://www.panacea-software.com/terms-of-use) or other IT-related policies may have been violated or a security safeguard may have failed.

 

Scope:

This policy is intended to provide details on the incident management processes that will be followed in the event of a security incident or data breach.

 

Policy:

1.   All users of Panacea are responsible for ensuring the safety and security of the system in accordance with our Terms of Use (see above) and Software Maintenance Policy (https://www.panacea-software.com/software-maintenance-policy).

 

2.   In the event of an incident being identified and reported, Panacea will investigate the issue and take possible steps to minimise any resultant impact on clients and the business.

 

3.   Panacea will report the incident (details, root cause, impact, corrective action) to the subscriber at the earliest possible opportunity.

 

Customers’ and Users’ responsibilities:

1.   Please refer to section 6 (Customer’s Obligations) and other relevant sections in our Terms of Use.

 

2.   Panacea users/external entities must contact and notify Panacea Support as soon as a security incident is suspected or identified. This can be done via any of the following routes:

a.   phone: 02079760116

b.   email:  info@panacea-software.com or           support@panacea-software.com

c.    our website’s ‘Contact Us’ page:            https://www.panacea-software.com/contact-us 

 

3.   As much information as possible must be provided, including:

a.   details of the incident/data breach.

b.   cause(s) or suspected cause(s).

c.    steps (if any) which the customer/user has taken to resolve the issue.

d.   impact (if any) on the software and on information stored on the software.

e.   when did the incident happen?

f.     steps and users affected

g.   steps taken so far

h.   any additional information.

We may request that you complete our Security Incident Reporting form if further details are needed.

 

Panacea’s responsibilities:

4.   Panacea staff must notify Management as soon as a security incident is suspected or identified.

5.   Panacea will thoroughly investigate and analyse

a.   cause(s) of the incident.

b.   impact (if any) on the software and on information stored on the software.

c.    any immediate action which may help to minimise impact on the business and clients, in accordance with our Terms of Use.

d.   suitable measures which may help to avoid the incident recurring.

e.   (if appropriate) steps outlined in Panacea’s Continuity of Business policy (subject to discussion between Management and Clients)

 

6.   Incidents covered by this policy are classified as Severity Class 1 and are managed in accordance with the response and resolution times specified in our Maintenance Policy.

 

 

Common Information Security Incidents - Examples & Response Actions:

 

The following are typical examples of information security incidents that may arise in the normal operation of a cloud-hosted service. They are intentionally high-level and do not describe system details or potential vulnerabilities.

 

 

 

a)  Unauthorised or Suspicious Access Activity

Examples may include unusual login behaviour or user access that appears inconsistent with expected usage.

Response:

Panacea will investigate, secure affected accounts where necessary, and notify subscribers as appropriate.

 

b)  Incorrect or Accidental Disclosure of Information

For example, information being shared with an unintended recipient or access permissions being incorrectly applied.

Response:

Panacea will take prompt action to correct access, assess impact, and work with the subscriber to resolve the issue.

 

c)   Service or System Disruption

This may include unexpected interruptions affecting availability due to external or internal factors.

Response:

Panacea will restore normal service, investigate the underlying cause, and apply measures to prevent recurrence.

 

d)  Improper Use of the Software

Use of the platform in a way that does not align with our Terms of Use or agreed processes.

Response:

Panacea will review the activity, determine any impact, and guide appropriate corrective actions.

 

bottom of page