Objectives
The primary objectives of the GrowMore Recruitment Incident Management Policy are to:
- Minimise the adverse impact on business operations
- Restore normal service operations as swiftly as possible
- Maintain agreed levels of service quality
- Ensure the use of standardised methods and procedures for prompt and efficient response, analysis, documentation, management, and reporting of incidents
- Enhance visibility and communication of incidents to business and IT support staff
- Improve business perception of IT through a professional approach to incident resolution and communication
- Align Incident Management activities and priorities with business objectives
- Maintain high levels of user satisfaction with IT services
Scope
This policy applies to all incidents reported by GrowMore Recruitment employees, vendors, and third-party contractors related to IT infrastructure, including hardware, software, system components, virtual components, cloud services, networks, and processes. Information security incidents reported by clients or external entities will be documented using an Incident Report Form by the receiving employee. Incidents affecting business continuity are addressed in the GrowMore Recruitment Business Continuity Management Plan.
Policy
Incident Detection: Incident detection is a critical phase of the incident response process. Some security incidents are obvious, such as a defaced website or unauthorised account access, while others may be less apparent. Potential security incidents can be identified through:
- User Reports: Users and system administrators are often the first to notice issues, such as failed logins or unusual system activity.
- System Alerts: GrowMore Recruitment utilises auditing and intrusion detection systems (IDS) to monitor information resources. Alerts from these systems indicate potential security incidents.
- Incident Reporting: All GrowMore Recruitment employees, contractors, and vendors are required to immediately report any security violations, incidents, or suspicious system activity. Incident reports should be submitted to the GrowMore Recruitment IT team for assessment and appropriate response actions.
- Incident Response: Upon receiving an incident report, the Technology Lead will determine the appropriate response and may involve the GrowMore Recruitment IT team. The IT team is responsible for managing the incident resolution process, including user or system notifications, escalation, follow-up actions, and post-incident reporting.
- Incident Recovery: After an incident is contained or resolved, systems involved may need recovery. The goal is to restore systems to a secure state, addressing any vulnerabilities exploited during the incident. This includes restoring data and applications and changing system and user passwords as needed.
- Securing Evidence: To preserve evidence, system logs should be immediately copied to offline storage, and a complete backup of the compromised system should be made if feasible. The Technology Lead is responsible for securing these logs and backups. Users should avoid accessing affected systems to prevent evidence tampering.
Responsibilities
The GrowMore Recruitment IT team is the first point of contact for all personnel regarding potential security incidents. Team members assist in identifying incidents and initiating appropriate actions. The Technology Lead is notified of any security incidents via the Incident Report Form. The IT team has defined roles and responsibilities for escalating and resolving security incidents. Employees are encouraged and required to report any observed or suspected security weaknesses, even if not a confirmed incident.
Commitment to Continuous Improvement
GrowMore Recruitment is committed to regularly reviewing and updating the Incident Management Policy to adapt to evolving security challenges. This ensures the confidentiality, integrity, and availability of all data under our care.
For any questions or further information about our Incident Management Policy, please contact our IT team.