Medryte Healthcare Solutions Pvt. Ltd
Normal
Breach Notification Process
Responsibility: Subin
Document No: 24-13710
Department: IT & Networking
Revision: 1.1
Date: 05-Aug-2024
Sheet: 1 of 4
Introduction
1. Purpose
This document outlines the process Medryte follows to detect, assess,
and report security breaches to ensure timely response and
compliance with regulatory requirements.
2. Scope
This process applies to all Medryte employees, contractors, and third-
party vendors handling sensitive company and customer data.
3. Definition of a Data Breach
A data breach includes any unauthorized access, disclosure, alteration,
or destruction of sensitive information due to cyberattacks, human
error, system vulnerabilities, or insider threats.
4. Breach Detection & Assessment
Identification: Breaches can be detected through monitoring
systems, user reports, or third-party notifications.
Initial Assessment: The IT Security team will assess the severity,
impact, and scope of the breach.
Containment: Immediate steps will be taken to limit further damage,
including isolating affected systems and revoking compromised
credentials.
5. Breach Notification Process
A. Internal Notification
Employees must report suspected breaches immediately to the IT
Security team.
The IT Security team will escalate the issue to senior management and
legal teams as needed.
A breach response team will be formed to handle the incident.
B. External Notification
Regulatory Authorities: If required by law, Medryte will notify
relevant regulatory bodies within the stipulated time frame.
Affected Individuals: Impacted customers, employees, or
stakeholders will be informed with details on the breach, potential
risks, and mitigation steps.
Third Parties & Vendors: If the breach involves third-party services
or partners, they will be notified promptly to coordinate response
efforts.
6. Notification Timelines
High-severity breaches must be reported internally within 24 hours of
detection.
Regulatory authorities will be notified within the legally required period
(e.g., 72 hours for GDPR compliance).
Affected individuals will be informed as soon as possible with clear
guidance on protective measures.
7. Post-Breach Actions
Root Cause Analysis: Identify the underlying cause and take
corrective measures.
Security Enhancements: Strengthen security controls to prevent
future incidents.
Reporting & Documentation: Maintain a detailed breach report for
compliance and future reference.
Employee Training: Conduct awareness programs to improve breach
detection and response.
8. Roles & Responsibilities
Role                  Responsibility
IT Security Team      Detect, assess, and contain breaches
Legal & Compliance    Ensure regulatory reporting and legal adherence
Management            Approve communication strategies and remediation plans
Employees             Report security incidents immediately
9. Enforcement & Compliance
Non-compliance with this policy may lead to disciplinary action.
Regular audits will be conducted to assess adherence to the breach
notification process.
10. Review & Updates
This policy will be reviewed annually or after a
significant security incident to ensure effectiveness.
Document Version History
This table shows a record of significant changes to the document.
Version    Date           Author    Description of Change
1.0        05-Aug-2023    Subin     Initial release
1.1        02-Aug-2024    Subin     Version Update
1.2
APPROVALS
This table shows the approvals on this document for circulation, use, and
withdrawal.
Version    Date         Approver                   Title/Authority    Approval Remarks
1.0        07-Aug-23    Mr. Sujin Jekash Simson    MD                 Verified
1.1        05-Aug-24    Mr. Sujin Jekash Simson    MD                 Verified
Approval & Acknowledgment
I acknowledge that I have reviewed and
understood the Medryte Breach Notification Process.
Authorized Signature: ___________________________
Date: ___________________________