top of page

Policies

Security and Incident Management Policy

Definition of security incident

Any change in the everyday operations of our information technology service, indicating that Panacea’s Terms of Use or other IT-related policies may have been violated or a security safeguard may have failed.

Scope

This policy is intended to provide details on the incident management processes that will be followed in the event of a security incident or breach.

Policy

1. All users of Panacea are responsible for ensuring the safety and security of the system in accordance with our Terms of Use and Software Maintenance Policy.

2. In the event of an incident being identified and reported, Panacea will investigate the issue and take possible steps to minimise impact on clients and the business.

Customers’ and Users’ responsibilities

1.   Please refer Customer’s Obligations and other relevant sections in our Terms of Use

2.   Panacea users / external entities must contact and notify Panacea Support as soon as a security incident is suspected or identified. This can be done via:

3.   As much information as possible must be provided using the attached form, including:

  • Details of the incident / data breach

  • Cause(s) or suspected cause(s)

  • Steps (if any) taken at their end

  • Impact on the software and on information stored on the software (if any)

Panacea’s responsibilities

1. Panacea staff must notify Management as soon as a security incident is suspected or identified

2. Panacea will thoroughly investigate and analyse

  • Cause(s) of the incident

  • Impact on the software and on information stored on the software (if any)

  • Immediate action to minimise impact on the business and clients in accordance with our Terms of Use

  • Measures to avoid recurrence of the incident

  • Where appropriate, steps will be taken in line with Panacea’s Continuity of Business policy (management to discuss with clients)

Common information security incidents – examples & solutions:

  • Cyber-attack: Panacea’s Continuity of Business policy will be implemented, if necessary

  • Loss or theft of equipment / devices (e.g., company laptop): Client Services and Development teams to change critical application passwords and monitor usage of these accounts

  • Improper software usage (usage outside our Terms of Use): Client Services and Development teams to investigate impact and actions

bottom of page