top of page

< Back to policies

Security and Incident Management

Definition of security incident:

Any change in the everyday operations of our information technology service, indicating that Panacea’s Terms of Use (https://www.panacea-software.com/terms-of-use) or other IT-related policies may have been violated or a security safeguard may have failed.

Scope:

This policy is intended to provide details on the incident management processes that will be followed in the event of a security incident or data breach.

 

Policy:

  1. All users of Panacea are responsible for ensuring the safety and security of the system in accordance with our Terms of Use (see above) and Software Maintenance Policy (https://www.panacea-software.com/software-maintenance-policy).

  2. In the event of an incident being identified and reported, Panacea will investigate the issue and take possible steps to minimise any resultant impact on clients and the business.

  3. Panacea will report the incident (details, root cause, impact, corrective action) to the subscriber at the earliest possible opportunity.


Customers’ and Users’ responsibilities:

  1. Please refer to section 6 (Customer’s Obligations) and other relevant sections in our Terms of Use.

  2. Panacea users/external entities must contact and notify Panacea Support as soon as a security incident is suspected or identified. This can be done via:

    1. phone: 02079760116

    2. email:  info@panacea-software.com or  support@panacea-software.com

    3. our website’s ‘Contact Us’ page: https://www.panacea-software.com/contact-us 

  3. As much information as possible must be provided using the attached form, including:

    1. details of the incident/data breach.

    2. cause(s) or suspected cause(s).

    3. steps (if any) which the customer/user has taken to resolve the issue.

    4. impact (if any) on the software and on information stored on the software.


Panacea’s responsibilities:

  1. Panacea staff must notify Management as soon as a security incident is suspected or identified.

  2. Panacea will thoroughly investigate and analyse

    1. cause(s) of the incident.

    2. impact (if any) on the software and on information stored on the software.

    3. any immediate action which may help to minimise impact on the business and clients, in accordance with our Terms of Use.

    4. suitable measures which may help to avoid the incident recurring.

    5. (if appropriate) steps outlined in Panacea’s Continuity of Business policy (subject to discussion between Management and Clients)

  3. Incidents covered by this policy are classified as Severity Class 1 and are managed in accordance with the response and resolution times specified in our Maintenance Policy.

 

Common information security incidents – examples & solutions:

  • Cyber-attack: Panacea’s Continuity of Business policy will be implemented, if necessary.

  • Loss or theft of equipment/devices (e.g. company laptop): Client Services and Development teams will change critical application passwords, monitor usage of these accounts and erase data remotely where possible.

  • Improper software usage (usage outside our Terms of Use): Client Services and Development teams will investigate impact and actions.


bottom of page