Laserfiche WebLink
Security Policies and Procedures <br />XV. Breach Response <br />A. Overview <br />Virtru will maintain an effective method so that all information users, custodians and <br />owners can readily report incidents. <br />Incidents will be reported to the person's immediate manager or the ISO. Once the ISO <br />has been notified, said Officer will then follow the directions in the Incident and Breach <br />Policy. <br />The ISO will investigate incidents and will log or report significant losses or threats <br />immediately. The appropriate authorities will be contacted by the ISO depending on the <br />severity of incident <br />Incidents involving misuse by workforce members will be investigated by the ISO. <br />Depending on the severity of the incident, the Emergency Contact list may provide <br />additional contacts. See the Emergency Contact List located in the Disaster Recovery <br />Plan. <br />Confidential Reporting: <br />Confidential reporting maybe done either by: <br />1. Calling (may leave voice message) the ISO or ALSO <br />2. Sending an email to the ISO or AISO, or; <br />3. Google Form for anonymous reporting <br />XV1. Personnel Security <br />A. Screening for newly hired personnel, third parties, vendors <br />Proper verification checks must be made prior to granting any new workforce member, <br />contractor, vendor, agent or affiliate access to Private, Internal, Confidential or <br />Protected information. These verification checks will meet the requirements set forth <br />by the Company and may include: <br />P .Hn5.&6 <br />32 <br />