Security and Incident Management Policy
Definition of security incident:
This policy is intended to provide details on the incident management processes that will be followed in the event of a security incident or data breach.
In the event of an incident being identified and reported, Panacea will investigate the issue and take possible steps to minimise any resultant impact on clients and the business.
Panacea will report the incident (details, root cause, impact, corrective action) to the subscriber at the earliest possible opportunity.
Customers’ and Users’ responsibilities:
Panacea users/external entities must contact and notify Panacea Support as soon as a security incident is suspected or identified. This can be done via:
a. phone: 02079760116
b. email: firstname.lastname@example.org or email@example.com
c. our website’s ‘Contact Us’ page: https://www.panacea-software.com/contact-us
As much information as possible must be provided using the attached form, including:
a. details of the incident/data breach.
b. cause(s) or suspected cause(s).
c. steps (if any) which the customer/user has taken to resolve the issue.
d. impact (if any) on the software and on information stored on the software.
Panacea staff must notify Management as soon as a security incident is suspected or identified.
Panacea will thoroughly investigate and analyse
a. cause(s) of the incident.
b. impact (if any) on the software and on information stored on the software.
d. suitable measures which may help to avoid the incident recurring.
e. (if appropriate) steps outlined in Panacea’s Continuity of Business policy (subject to discussion between Management and Clients)
Common information security incidents – examples & solutions:
Cyber-attack: Panacea’s Continuity of Business policy will be implemented, if necessary.
Loss or theft of equipment/devices (e.g. company laptop): Client Services and Development teams will change critical application passwords, monitor usage of these accounts and erase data remotely where possible.