Breach Response Plan

Effective Date: 11th September 2024

1. Purpose

At Shoothill, we prioritise the security and privacy of our clients’ data. In the event of a data breach, we are committed to responding swiftly and effectively to mitigate any impact.

This Breach Response Plan outlines the steps we will take to address a breach, protect affected parties, and comply with legal and regulatory requirements.

2. Identification

  • Incident Detection: Regular monitoring of our systems will be conducted to detect any unauthorised access or abnormal activity.
  • Initial Assessment: As soon as a potential breach is detected, our IT security team will assess the situation to confirm whether a breach has occurred and determine its scope and impact.

3. Containment

  • Immediate Containment: Upon confirmation of a breach, immediate steps will be taken to contain the incident. This may include disconnecting affected systems from the network, changing access controls, and applying necessary patches or updates.
  • Preservation of Evidence: We will preserve all evidence related to the breach to support any future investigations.

4. Notification

  • Internal Notification: All relevant internal stakeholders, including senior management and the legal team, will be informed of the breach as soon as it is confirmed.
  • External Notification: Depending on the severity and legal requirements, we will notify affected clients, partners, and regulators in accordance with applicable laws and contractual obligations. Notifications will include details of the breach, the data affected, and steps individuals can take to protect themselves.

5. Eradication

  • Root Cause Analysis: We will conduct a thorough investigation to identify the root cause of the breach.
  • Elimination of Threats: All vulnerabilities exploited during the breach will be addressed, and any malicious actors will be removed from our systems.

6. Recovery

  • System Restoration: We will restore affected systems and services to normal operation, ensuring that they are secure and fully functional.
  • Continuous Monitoring: Enhanced monitoring will be implemented, if necessary, to detect any signs of further unauthorised activity.

7. Post-Incident Review

  • Incident Report: A detailed incident report will be created, documenting the breach, our response actions, and lessons learned.
  • Process Improvement: We will review our breach response plan and security practices, making necessary improvements to prevent future incidents.

8. Legal and Regulatory Compliance

  • Compliance Review: We will ensure that our response complies with all relevant legal and regulatory requirements, including data protection laws such as GDPR.
  • Cooperation with Authorities: If required, we will cooperate with law enforcement and regulatory bodies, such as the ICO, throughout the investigation and resolution process.

9. Communication

  • Client Communication: We will maintain open lines of communication with affected clients, providing updates on the situation and any actions they may need to take.
  • Public Communication: If necessary, we will issue public statements to manage our reputation and keep stakeholders informed.

10. Training and Awareness

  • Staff Training: All employees receive regular training on data protection and breach response procedures to ensure they are prepared to act quickly and effectively.
  • Simulated Breaches: We will conduct regular breach simulations to test and refine our response plan.

12. Contact Information

For questions about this policy or to report any concerns, please contact:

Compliance Officer

Simon Jeavons
Group Managing Director
Shoothill Ltd