Incident Response & Breach Notification Policy

This policy governs how Vibble identifies, contains, analyzes, and discloses security breaches in compliance with GDPR, CCPA, DSA, OSA, and global incident requirements.

1. Scope

  • Data breaches
  • Unauthorized access incidents
  • Credential or token compromise
  • Insider misuse
  • Malware & infrastructure attacks

2. Response Workflow

  1. Detection & alerting
  2. Initial triage & severity classification
  3. Containment of affected systems
  4. Forensic analysis
  5. Mitigation & recovery
  6. User and regulator notification
  7. Post-incident review and hardening

3. Legal Notification Requirements

  • GDPR: notify regulators within 72 hours
  • CCPA: notify affected residents without unreasonable delay
  • DSA/OFCOM: risk reporting where applicable
  • Law enforcement notification for criminal events

4. User Notifications

Users receive notification if the breach is likely to cause:

  • Identity risk
  • Financial harm
  • Unauthorized account access
  • Exposure of sensitive data

5. Contacts

Incident Response: ir@vibble.com
Security Office: security@vibble.com
Nexa-Group IR: incidents@nexa-group.org
