Incident Management and Data Security Procedure
This procedure outlines the end-to-end process for detecting, triaging, responding to, communicating, and learning from security incidents that may impact the confidentiality, integrity, or availability of Thru's systems, applications, data, and services.
INTRODUCTION
This Incident Management and Data Security Procedure ensures the prompt identification and appropriate handling of events related to information security or weaknesses in information systems in our current times. It is crucial to respond to security-related events effectively and implement corrective actions promptly to safeguard the integrity, availability, and confidentiality of the company's information.
An event may not always be an incident, but every incident is an event. While several information security-related events may not compromise the company's information, they still need to be reported and assessed.
SCOPE
These procedures apply to all security incidents that may impact the confidentiality, integrity, or availability of Thru’s systems, applications, data, and services. The scope encompasses:
Systems and Infrastructure
Environments hosting Thru services:
Production
Development and testing
Thru Corporate IT systems (e.g., email, collaboration tools, employee workstations)
Thru Network infrastructure (e.g., firewalls, routers, switches)
Data
Customer data processed or stored within Thru
Sensitive corporate data (e.g., intellectual property, financial information, employee records)
System logs and audit trails
Personnel
All employees, contractors, and third-party vendors with access to Thru’s systems, applications, or data
Thru Security Operations Team team responsible for incident detection, response, and reporting
Incident Response Team and subject matter experts involved in incident handling
Incident Types
Unauthorized access or attempted access to systems or data
Malware infections or attempted infections
Distributed Denial of Service (DDoS) attacks
Data breaches or suspected data breaches
System or application vulnerabilities
Insider threats or misuse of systems
Social engineering attacks or phishing attempts
Any other events or activities that may compromise the security of the company's systems, applications, or data
Locations
All Thru Data Center Locations
Remote office locations or employee workspaces
These procedures cover the entire lifecycle of security incidents, from initial detection and triage to incident response, communication, and post-incident review. They are designed to ensure a consistent, coordinated, and effective approach to managing security incidents and minimizing their impact on Thru’s operations, customers, and stakeholders.
RESPONSIBILITY
The Chief Operating Officer (COO) bears the responsibility to:
Ensure all security-related events that may be considered incidents are reported efficiently, reviewed, and appropriate corrective actions are determined.
Oversee that corrective action programs in response to information security incidents are promptly implemented and effectively resolve the problems.
RELATED DOCUMENTATION
IS50 Thru Information Security Program Policy Book