What will we do in the event of a data breach?
Enquiry Tracker has a Critical Incident Response process (which includes our Developers, and Senior Management), and a Breach Response Plan.
Below is a high level summary of the steps Enquiry Tracker will take in the event of a suspected data breach.
Step 1 – Incident detection and preliminary assessment
- Enquiry Tracker users, employees and contractors can report suspected operational and security breaches to Enquiry Tracker Support via email or phone.
- Enquiry Tracker will take immediate steps to conduct a preliminary investigation, where we will identify and classify the suspected breach.
Step 2 – Contain breach
If the preliminary investigation confirms a suspected breach, we will take immediate steps to:
- Contain the breach.
- Limit distribution of the affected personal information.
- Limit possible compromise of other information.
Step 3 – Evaluate risks associated with the breach
The next step is to undertake a reasonable and expeditious assessment to:
- Gather all relevant information on the breach.
- Determine who needs to be made aware of the breach.
- Document everything at each step.
Step 4 – Notification
Enquiry Tracker will notify affected organisations and users as soon as possible once the facts are known, if:
- There is a chance of serious harm, or if a notification would give the users or customer organisation the ability to avoid serious harm.
Step 5 – Review to prevent future breaches
In the event of a breach, Enquiry Tracker will:
- Fully investigate the cause of the breach.
- Record an incident report.
- Implement recommendations from the investigation to prevent future breaches.