This policy is based on ISO 27001:2013. This security incident response policy is intended to establish controls to ensure detection of security vulnerabilities and incidents, as well as quick reaction and response to security breaches.
This document also provides implementing instructions for security incident response, to include definitions, procedures, responsibilities, and performance measures (metrics and reporting mechanisms).
This policy applies to all users of information systems within miniOrange. This typically includes employees and contractors, as well as any external parties that come into contact with systems and information controlled by miniOrange (hereinafter referred to as “users”). This policy must be made readily available to all users.
The acting information security officer and top management team will facilitate and maintain this policy and ensure all employees have reviewed and read the policy.
The policy is defined to ensure that in any event of disruption of business operations, miniOrange will take appropriate actions for the continuity and minimization of impact. miniOrange will also keep track of such incidents and take preventive measures to minimize the impact of controllable events in the future. The incidents are described based on the severity level from high to low.
Highest Severity (Level 1)
A service failure or severe degradation due to an environmental threat, such that no one is able to access any business resources. Such events could be:
Natural disaster - Floods, Earthquakes, etc.
Terrorist Attack
Power Failure, Power Spikes, Fire, etc.
Medium Severity (Level 2)
A service failure resulting in inability to access any business resources or information security systems that depend on third-party suppliers/vendors. Such events could be:
Amazon Web Service (AWS) Downtime
Google Server Downtime
Low Severity (Level 3)
A service is not available due to incidents in the internal network of miniOrange. Such events could be:
Loss of Data
Unauthorized modification/update to Information Processing Facility (Access violations - Breach of information integrity, confidentiality or availability)
External Attack on Infrastructure - Phishing, DDoS, Virus, Malware, etc.
Unexpected Malfunction of the Devices - Incompatible Software installation/update
A. Impact of Incidents
Impact Analysis of the incidents can be done based on the severity of the incident.
Impact of Highest Severity Events is described in the Business Continuity Policy Document.
Impact of Medium Severity Events could result in the stoppage of business operations completely for miniOrange as well as their customers.
Impact of Low Severity Events could result in the stoppage of only some business activities compromising the Information Security.
B. Incident Logging
All the incidents must be logged before executing the incident response plan. Any stakeholder of miniOrange can report the incident to the top management or to the members of ISMS Team.
Top Management can also be informed of incidents with the notification activities set up for each incident.
As soon as the incident is detected, it is logged by the ISMS Team so that other people are aware of the incident. In this case, a document will be prepared and circulated to all concerned people. This document will contain:
Title | Description |
Incident Summary | What’s an emergency? |
Description | What is the impact of the incident? Impact on customers as well. |
Fault | A Service that is unavailable or faulty. |
Affected Products | Which products will be affected? |
C. Communication Plan
Communication procedure is extremely important as soon as the incident response plan is executed. It can be done via email or through telephonic conversation. The email will be circulated to all the necessary parties either by the HR/Operations or by the team members depending on the incident. The notification or the email will include type of incident, impact, measures or actions taken post incident and current status of the incident. The communications/notifications will continue until the incident is resolved or taken care of.
Communication with Employees: The HR/Operations/Departmental Team of miniOrange will be responsible for informing all employees of miniOrange as soon as an incident is recorded, along with the measures taken to tackle it.
This communication will preferably be done by formal email, or by verbal communication if required.
Communication with customers: Customers will be informed by the departmental team members if required. Communication will be done through the formal email. Customers will be notified within 8 hrs of the incident or depending on the severity of the incident.
D. Incident Management
The response plan from miniOrange will be based on the severity and the impact of the incident. The Response Plan for Severity Events will be executed in the 4 Phases described below.
Phase 1: Immediate Action
The ISMS Team will assess the situation based on the severity of the Incident as described above. For Highest Severity (Level 1), the Business Continuity Plan will be executed. For Medium Severity (Level 2), the Service Plan will be executed, and for Low Severity (Level 3), the Generic Plan will be implemented.
Phase 2: Testing and Monitoring
Based on the incident level the response team will monitor all the actions post incident and also make sure key people are informed about the incident and the measures taken.
Phase 3: Backup Execution and Post Incident Meeting
Once all the initial communication has been made to all the departments and the employees, the response team needs to assess the situation and develop the follow-up action plan.
The Follow Up Action Plan will include an assessment of whether the situation will last one hour, one day, one week or more than one week. Depending on this assessment, different strategies will be drawn up for maintaining business operations to meet the needs of different departments, services, and third parties to ensure the continuation of the business and minimal economic loss.
Phase 4: Ongoing Assessment of the Incident
The Response Team will convene in person or online and continually assess the timescale of the situation, keeping all the parties informed and providing for all the business-critical needs. Top Management will continue to meet regularly to keep re-assessing the situation, monitoring the incident response plan and communicating with key stakeholders (Staff, Employees, Top Management, Third Party) until the emergency is resolved or tackled appropriately.
miniOrange information processing is dependent on the Cloud Instances provided by Amazon Web Services. miniOrange uses complete AWS Infrastructure for hosting the applications and maintaining databases. To ensure continuous operations, backup services are automatically maintained by AWS in another Availability Zone. As per the Backup Policy, all the services can be reinitiated from a different AWS zone.
All the miniOrange employees and clients are informed about the use and the dependency on the AWS.
Any incident at AWS can be tackled through the conventional method described by AWS in their Service Level Agreement. https://aws.amazon.com/compute/sla/
All the affected people will be informed about the status of the incident considering the status of the AWS.
Similarly, miniOrange uses Google Workspace for internal communication, as a personal data storage facility, and as a communication channel.
Any incident at Google can lead to lack of communication within or outside the organization.
miniOrange uses the Telephonic channel in case the communication channel goes down.
Google offers their services under the following agreement - https://workspace.google.com/terms/sla.html
All the employees will be informed about the status of the incident considering the status of Google.
Any incidents at AWS can impact miniOrange operations as well as all the business activities. miniOrange has assigned a role of Incident Manager with all the responsibilities and authority for the incident. The Incident Manager is empowered to take any action necessary to resolve the incident, which includes paging anyone in the organization and keeping those involved in an incident focused on restoring the service.
Responsibilities of Incident Manager
1. The Incident Manager communicates about the issues/incidents internally and externally, or assigns someone to handle this communication, so that all the people inside or outside the organization are aware of the impact of the incident and that we are working on it.
2. The Incident Manager will form the team by bringing in members from other teams and paging them into restoration of the services.
3. The Incident Manager will now work with the team and resolve the issues and restore the services. Meanwhile, the Response Team will be providing the status of the incident frequently.
4. As soon as the incident is resolved, the team does the cleanup tasks and reporting of the incident.
E. Incident Records and Reporting
The ISMS Team will also continue to assess the timescale of the situation, keeping all the parties informed and providing for all the business-critical needs. The ISMS Team will continue to meet regularly, keep re-assessing the situation, monitoring the incident response plan and communicating with key stakeholders (Employees, Top Management, Third Party) until the emergency is resolved or tackled appropriately.
The ISMS Team will generate the report of the incident in the pre-fixed format with incident details such as start-of-impact time, detection time, and end-of-impact time, and the learnings from the incident. The Internal Report will have the recap of the incident and the impact of the incident, and will clearly report that the incident has been resolved.
The external report will cover the restoration of services, in case it is required by the customers.
F. Review of the Information Security Continuity
The ISMS Team will record and generate the reports of the incident. After every incident, the Incident Response Plan will be reviewed to make sure that no such event occurs in the future. A Risk Assessment will be conducted to monitor or assess the current setup, changes will be discussed in the review meeting, and employees will be trained if required.
1. HR Team: hr@xecurify.com
2. Operations: operations@xecurify.com
3. ISMS Team: info@xecurify.com
Team | Owner | Responsibility |
hr@xecurify.com | Aditi Kalyani | Communication Activities throughout the events. |
operations@xecurify.com | Sneha Kedari | Take necessary actions for the normal business operations. |
info@xecurify.com | Gaurav Sood, Kalpesh Hiran | Implementation of Incident Response Plan |
Last updated: January 02, 2025
This Security Incident Response Policy (the "Policy") is formulated in alignment with ISO 27001:2013 and is designed to establish comprehensive measures for the detection, management, and resolution of security vulnerabilities and incidents. The primary objective of this Policy is to ensure the prompt identification of security breaches and the effective response to mitigate any potential harm or damage arising from such incidents.
This Policy further outlines the procedures, responsibilities, and guidelines for the implementation of a security incident response framework, which includes the identification, classification, escalation, and resolution of security incidents. Additionally, the Policy defines performance metrics and reporting mechanisms to assess the effectiveness of the security incident response process.
This Policy applies to all individuals who access, use, or interact with information systems managed by miniOrange, including but not limited to employees, contractors, and any external parties who engage with systems or information under the control of miniOrange (hereinafter collectively referred to as "Users"). The provisions of this Policy shall be made accessible to all Users and shall be deemed applicable to all actions involving the use of such information systems.
The Information Security Officer and the senior management team shall be responsible for the implementation, maintenance, and oversight of this Policy. They have to ensure that all employees, contractors, and relevant stakeholders have been provided access to, and are required to review and acknowledge the terms of, this Policy. Furthermore, the Information Security Officer and senior management shall ensure ongoing compliance with the provisions set forth herein.
The policy is defined to ensure that in any event of disruption of business operations, miniOrange will take appropriate actions for the continuity and minimization of impact. miniOrange will also keep track of such incidents and take preventive measures to minimize the impact of controllable events in the future. The incidents are described based on the severity level from high to low.
All the incidents must be logged before executing the incident response plan. Any stakeholder of miniOrange can report the incident to the top management or to the members of ISMS Team.
Top Management can also be informed of incidents with the notification activities set up for each incident.
All employees, as trained, must report any level of incident to the top management/concerned team within 24 hours.
Customers can also report incidents to miniOrange at any time with the concerned issues.
Incidents must be reported through email, phone call, or support ticket to the concerned team/top management with details of the incident.
Employees must be trained on the procedures for reporting incidents. Failure to report information security incidents shall be considered to be a security violation and will be reported to the Human Resources (HR) Manager for disciplinary action.
Information and artifacts associated with security incidents (including but not limited to files, logs, and screen captures) must be preserved in the event that they need to be used as evidence of a crime.
As soon as the incident is detected, it is logged by the ISMS Team so that other people are aware of the incident. In this case, a document will be prepared and circulated to all concerned people. This document will contain:
Title | Description |
Incident Summary | What’s an emergency? |
Description | What is the impact of the incident? Impact on customers as well. |
Fault | A Service that is unavailable or faulty. |
Affected Products | Which products will be affected? |
Communication procedure is extremely important as soon as the incident response plan is executed. It can be done via email or through telephone conversation. The email will be circulated to all the necessary parties either by HR/Operations or by the team members depending on the incident. The notification or the email will include the type of incident, impact, measures or actions taken post-incident and current status of the incident. The communications/notifications will continue until the incident is resolved or taken care of.
Communication with Employees: The HR/Operations/Departmental Team of miniOrange will be responsible for informing all employees of miniOrange as soon as an incident is recorded, along with the measures taken to tackle it.
This communication will preferably be done by formal email, or by verbal communication if required.
Communication with customers: Customers will be informed by the departmental team members if required. Communication will be done through the formal email.
Customers will be notified within 8 hrs of the incident or depending on the severity of the incident.
The response plan from miniOrange will be based on the severity and the impact of the incident. The Response Plan for Severity Events will be executed in the 4 Phases described below.
Phase 1: Immediate Action
The ISMS Team will assess the situation based on the severity of the Incident as described above. For Highest Severity (Level 1), a Business Continuity Plan will be executed. For Medium Severity (Level 2), the Service Plan will be executed, and for Low Severity (Level 3), the Generic Plan will be implemented.
Phase 2: Testing and Monitoring
Following the classification of the incident, the response team shall monitor and document all actions taken post-incident in accordance with the determined incident level. The response team is also responsible for ensuring that all relevant stakeholders, including key personnel, are promptly notified of the incident and the corrective or preventive measures implemented. Such monitoring and communication shall be carried out in compliance with the organization's incident response protocols and applicable legal and regulatory requirements.
Phase 3: Backup Execution and Post-Incident Meeting
Once all the initial communication has been made to all the departments and the employees, the response team needs to assess the situation and develop the follow-up action plan.
The Follow-Up Action Plan shall include an evaluation of the anticipated duration of the incident, determining whether the situation is expected to persist for one hour, one day, one week, or longer. Based on this assessment, tailored strategies shall be developed to ensure the continuity of business operations. These strategies will address the needs of various departments, services, and third parties, aiming to mitigate operational disruption and minimize financial loss to the organization. The strategies shall be implemented in a manner consistent with the organization’s operational priorities and legal obligations.
Phase 4: Ongoing Assessment of the Incident
The Incident Response Team shall convene, either in person or through online means, to continuously assess the evolving nature and timescale of the incident. The team shall ensure that all relevant parties are kept informed and that all critical business functions are addressed in accordance with established priorities. Senior management shall hold regular meetings to reassess the situation, oversee the execution of the incident response plan, and maintain communication with key stakeholders, including staff, employees, senior management, and third parties, until the incident is resolved or adequately mitigated in accordance with organizational and legal requirements.
miniOrange’s information processing operations are reliant on cloud infrastructure provided by Amazon Web Services (AWS). The organization utilizes the full suite of AWS infrastructure for the hosting of applications and the management of databases. To ensure uninterrupted operations, AWS automatically maintains backup services in a separate Availability Zone. In accordance with the Backup Policy, services can be promptly reinitiated from an alternate AWS zone in the event of a disruption.
All miniOrange employees and clients are duly informed of the organization's reliance on AWS services. Any incident occurring within the AWS environment will be addressed in accordance with the incident response procedures outlined in AWS’s Service Level Agreement (SLA), which can be accessed at https://aws.amazon.com/compute/sla/. Affected parties will be kept informed of the incident status based on updates from AWS.
In addition, miniOrange utilizes Google Workspace for internal communication, personal data storage, and as a communication channel. Any disruption in Google’s services could impact both internal and external communications. In the event of such an incident, miniOrange will utilize telephonic communication channels as a contingency measure to maintain business continuity.
Google’s services are provided under the terms of their SLA, which can be reviewed at https://workspace.google.com/terms/sla.html. All employees will be promptly informed about the status of any incident based on the information provided by Google.
Any incidents at AWS can impact miniOrange operations as well as all business activities. miniOrange has assigned the role of Incident Manager with all the responsibilities and authority for the incident. The Incident Manager is empowered to take any action necessary to resolve the incident, which includes paging anyone in the organization and keeping those involved in an incident focused on restoring the service.
The Incident Manager is responsible for ensuring effective communication regarding the incident, both internally within the organization and externally to relevant stakeholders. Alternatively, the Incident Manager may delegate this responsibility to an appropriate individual. It is essential that all impacted parties, both internal and external, are promptly informed of the nature and impact of the incident and the organization's ongoing efforts to resolve the matter.
The Incident Manager shall assemble a response team by selecting members from various departments, as necessary, and assigning them specific roles in the restoration of services. The Incident Manager will ensure that the team is promptly engaged in mitigating the incident and restoring normal operations.
The Incident Manager will work closely with the response team to resolve the incident and restore services to normal functionality. During this process, the Response Team will provide regular updates on the status of the incident to ensure transparency and ongoing communication with affected stakeholders.
Upon resolution of the incident, the Incident Manager, in collaboration with the response team, shall oversee the completion of post-incident tasks, including the cleanup process and the preparation of a comprehensive incident report detailing the incident's cause, impact, and resolution actions.
The ISMS Team shall continuously assess the duration and evolving nature of the incident, ensuring that all relevant parties are kept informed and that the business-critical needs of the organization are met. The ISMS Team will hold regular meetings to reassess the situation, monitor the execution of the incident response plan, and maintain communication with key stakeholders, including employees, senior management, and third parties, until the emergency is resolved or mitigated in accordance with organizational procedures and legal obligations.
The ISMS Team shall prepare an incident report in a predefined format, detailing key information such as the time the incident first impacted the organization, the time of detection, the time the impact was resolved, and the lessons learned from the incident. The internal report will include a summary of the incident, an assessment of its impact, and confirmation that the incident has been resolved.
The external report will be generated as necessary and will include information regarding the restoration of services, should this information be required by customers or other external stakeholders.
The ISMS Team shall document and generate comprehensive reports for each incident. Following the resolution of every incident, the Incident Response Plan shall be reviewed and evaluated to identify any deficiencies and to implement corrective actions to prevent the recurrence of similar events in the future. A risk assessment will be conducted to assess the current infrastructure and any potential changes. Any necessary modifications to the setup will be discussed in the review meeting, and employees will be provided with training as deemed necessary to ensure compliance with updated procedures and mitigate future risks.
If you would like to contact us with questions or concerns about our privacy policies and practices, you may contact us via any of the following methods:
Team | Responsibility |
hr@xecurify.com | Communication Activities throughout the events. |
operations@xecurify.com | Take necessary actions for the normal business operations. |
info@xecurify.com | Implementation of Incident Response Plan |