Security or data breach procedure

In the event of a detected or suspected security failure or data breach, the Idun standard operating procedure is as follows:

Immediately:

  1. Report the finding or suspicion to the team leader or manager.
    Create a Jira bug with the label “breach”.
  2. Assess the scope and severity.
    What was accessed, and what was done to it (read, edited, removed etc.)?
  3. Determine the breach mechanism, and whether the breach is over or still ongoing.
    Were misused (leaked or stolen) credentials involved?
    Was encryption broken?
    Was something left open or vulnerable because of a misconfiguration?
  4. If the breach is ongoing, revoke the affected credentials or shut down the affected service to stop it. Preserve logs and other evidence before shutting anything down, since they are needed for the root-cause investigation and for reporting.

Within a day:

  1. Determine the effect of the breach, to establish what must be reported to whom.
    1. If the breach is confirmed, inform the customer/data controller (the main tech contact).
    2. If the breach is likely “to result in a risk to the rights and freedoms of natural persons” (the wording of GDPR Article 33), notify the supervisory authority in the country of the customer or data controller.
      The notification must be made within 72 hours of becoming aware of the breach.
    3. If the breach concerns a customer/data controller organization in multiple countries, compile a list of all relevant supervisory authorities.
    4. If the breach can pose a high risk to the individual persons affected, those persons should be individually notified.
      Include information about
  2. Report to the customer, the relevant authorities and the affected individuals.
  3. Summarize the incident in both the Jira ticket and a document saved in Idun_team/Customers.

Within a week:

  1. Restore altered or deleted data from backups, after confirming that the backups predate the compromise and were not themselves altered.
  2. Begin an investigation to clarify the root cause of the breach.
  3. Formulate backlog (short term) or roadmap (long term) actions that can prevent future breaches of the same kind.
  4. Close the Jira ticket once the actions have been recorded in the backlog or roadmap.
