Incident Response Policy
Version: v10.1 | Effective Date: April 15, 2020
- Document Created: March 25, 2020
- Last Reviewed: January 12, 2025
- Next Review Date: January 2026
- Approved By: Security Officer
- Policy Owner: Security Officer
12.1 Purpose
This Incident Response Policy establishes procedures for detecting, reporting, assessing, containing, eradicating, recovering from, and learning from security incidents to minimize business impact and continuously improve security posture.
12.2 Scope
Applies to all security incidents affecting Blue Whale Apps systems, data, or personnel, including unauthorized access, data breaches, malware, denial-of-service, physical security breaches, and policy violations.
12.3 Incident Classification
- Critical (P1): Active data breach, ransomware, complete service outage, significant customer impact
- High (P2): Malware outbreak, suspected breach, partial service degradation, potential data exposure
- Medium (P3): Policy violations, unsuccessful attack attempts, isolated malware, minor security events
- Low (P4): Security awareness issues, minor policy violations, informational events
12.4 Incident Response Process
- Detection and Reporting: Through security monitoring, SIEM alerts, antivirus alerts, user reports, administrator observations, or external notifications. All personnel must report immediately via security@bluewhaleapps.com, security hotline, or IT Service Desk.
- Assessment and Triage: Security team validates incident, classifies severity, determines scope, assesses impact, activates Incident Response Team if needed, and documents findings.
- Containment: Isolate affected systems, disable compromised accounts, block malicious addresses, preserve evidence, implement temporary controls, communicate status.
- Eradication: Remove malware, close vulnerabilities, strengthen compromised controls, update security rules, verify that the threat has been removed, document actions.
- Recovery: Rebuild or restore compromised systems, restore data from clean backups, verify integrity, implement additional monitoring, gradual return to production, monitor for recurrence.
- Post-Incident Review: Timeline and root cause analysis, response effectiveness evaluation, improvement recommendations, policy and procedure updates.
12.5 Data Classification Matrix
- PII: Names combined with SSN, driver’s license, or financial account numbers; health information; biometric data; online credentials
- PHI: Medical records, treatment information, healthcare billing
- Confidential Data: Trade secrets, intellectual property, financial records, customer contracts, proprietary business information
12.6 Notification Requirements
- Internal: Security Officer (all incidents), CTO (High and Critical), Legal (data breaches), HR (insider threats), Public Relations (external communications)
- External: Customers (data breaches affecting customer data, per contract), regulatory authorities (per applicable requirements, e.g. the GDPR 72-hour notification deadline and state breach notification laws), law enforcement (criminal activity), insurance providers (covered incidents)