1.0 Purpose

The purpose of the policy is to establish the goals and the vision for the breach response process. This policy will clearly define to whom it applies and under what circumstances, and it will include the definition of a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms. The policy shall be well publicized and made easily available to all personnel whose duties involve data privacy and security protection.

FinGoal’s intention in publishing a Data Breach / Computer Security Incident Response Policy is to focus significant attention on data security and data security breaches, and on how FinGoal’s established culture of openness, trust and integrity should respond to such activity. FinGoal is committed to protecting employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

2.0 Background

This policy mandates that any individual who suspects that a theft, breach or exposure of FinGoal protected data or FinGoal sensitive data has occurred must immediately provide a description of what occurred. FinGoal’s security team will investigate all reported thefts, data breaches and exposures to confirm if a theft, breach or exposure has occurred. If a theft, breach or exposure has occurred, the CISO will follow the appropriate procedure in place.

3.0 Scope

This policy applies to all who collect, access, maintain, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle personally identifiable information of FinGoal members. Any agreements with vendors will contain similar language that protects the business.

4.0 Policy

4.1 Confirmed theft, data breach or exposure of FinGoal Protected data or FinGoal Sensitive data

As soon as a theft, data breach or exposure containing FinGoal protected data or FinGoal sensitive data is identified, the process of removing all access to that resource will begin.

The CTO will chair an incident response team to handle the breach or exposure.

The team will include members from: