Security, business continuity and incident reporting
Business Continuity
Tiller Technologies' business continuity plan (BCP) exists to ensure the consistent and secure continued operation of the company in the event of a disruption. The plan is executed under our ‘Availability Management Policy’ and ‘Incident Response Procedure’. All business systems and services are cloud-based and are implemented to allow safe and secure access control and continued operation from a remote location. This is continually evaluated and confirmed, as remote working is an integral part of our business operating model.
Incident reporting
Formal incident response policies, procedures and specific plans are in place to cover the following scenarios:
Information Systems Service Incident
Information Security Data Breach
Ransomware Attack
Virus or Malware Intrusion
Denial of Service Incident
Incident response plans follow this seven-step methodology:
Preparation
Threat Detection
Containment
Investigation
Eradication
Recovery
Follow-Up/Notification
All policies, procedures and plans are managed and assessed in line with our ‘Procedure for Management Reviews’, with the objective to:
Ensure that information security processes are conducted effectively, efficiently, and economically to the benefit of Tiller and its clients
Identify compliance or any areas of non-compliance with the ISO/IEC 27001 standard
Identify further opportunities for continual improvement, which may extend beyond the criteria set out in ISO/IEC 27001
Provide Tiller with internal assurance that Incident Response is effectively managed and risks to the business and its clients are minimised.
Customer Notification
Formal incident response procedures and plans are in place to cover the following scenarios:
Information Systems Service Incident
Information Security Data Breach
Ransomware Attack
Virus or Malware Intrusion
Denial of Service Incident
Tiller's procedures and notification schedule are aligned with the requirement of the EU General Data Protection Regulation 2016 (GDPR) that incidents affecting personal data which are likely to result in a risk to the rights and freedoms of data subjects must be reported by the controller to the data protection supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the incident.
Any such notification would be directed to the client-nominated representative and would include the following information if known:
The date and time that the breach was discovered
The date and time that the breach is believed to have occurred
The data items included, e.g. name, address, bank details, biometrics
The volume of data involved
The number of data subjects affected
The nature of the breach, e.g. theft, accidental destruction
Whether the personal data was encrypted
If encrypted, the strength of the encryption used
The actions that have been taken to manage the impact of the breach
Contact details of the person managing the breach within our organisation
Any other factors that are deemed to be relevant