Cyber security incidents can have a serious negative effect upon business and other organisations. Where cyber security incident occurs, this document sets out an easy-to-follow course of action for the affected organisation.
As opposed to an employee, a contractor or a B2B cyber security policy, this document is not - and is not intended to form part of - a legal contract. Instead, it is a way of assisting its users to act quickly and in a pre-planned manner. It is sensible to put all or part of this policy on display, so that employees can find it easily.
The policy lays out: (a) what signals should policy users look for in case of a breach; (b) what to do in case they make a mistake; (c) who is the person to alert when a breach occurs; and (d) clear instructions regarding the responsibility of each person with an authority to act, in order to avoid duplicate tasks and contradictory advice.