Sample preview. Placeholders in [brackets] are replaced automatically with your answers from the post-purchase customisation form.

Data Breach & Incident Framework

Incident & Breach Response Policy

Document 1 of [number of documents in suite] · One-time £20 for the full suite

1. Purpose

This policy defines how [Company Name] detects, classifies, responds to and learns from information security incidents and personal data breaches.

2. Scope

Applies to all systems, information, employees, contractors and third parties processing data on behalf of [Company Name].

3. Definitions

  • Incident: an event that compromises or threatens the confidentiality, integrity or availability of information.
  • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed (UK GDPR / EU GDPR Article 4(12)). Every personal data breach is also an incident; not every incident is a personal data breach.

4. Roles

  • Incident Response Lead: [Incident Response Lead].
  • 24/7 Contact: [24/7 Contact Number].
  • Data Protection Officer: [Data Protection Officer].
  • Executive Sponsor: [Company Owner].
5. Severity classification

| Severity | Description | Initial response time |
|---|---|---|
| Critical | Confirmed CUI/personal data breach, ransomware, or material service outage. | 30 minutes |
| Medium | Localised compromise contained at workstation/account level. | 4 hours |
| Low | Policy violation, single phishing report, near-miss. | 1 business day |

6. Lifecycle

[Company Name] follows the NIST SP 800-61 Rev. 2 lifecycle: Preparation → Detection & Analysis → Containment, Eradication & Recovery → Post-Incident Activity. Each stage has documented checklists in the Incident Response Playbook. Severity is reassessed at each stage transition, since the initial classification is made on incomplete information.

7. Regulatory notification

  • UK GDPR / EU GDPR: the DPO assesses whether a personal data breach is likely to result in a risk to individuals and, where it is, notifies the supervisory authority (the ICO for UK GDPR) without undue delay and no later than 72 hours after [Company Name] becomes aware of it. Where notification is later than 72 hours, the reasons for the delay are recorded with it. All personal data breaches, notifiable or not, are recorded in the breach register together with the facts, effects and remedial action taken.
  • Other jurisdictions (if applicable): notification obligations are tracked in the [Company Name] Notification Matrix.
  • Affected data subjects: notified without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
8. Communications

External and customer communications are coordinated by [Company Owner] in consultation with the DPO and, where appropriate, legal counsel. No public statement is made without executive approval.

9. Evidence preservation

Forensic evidence is preserved under the Forensic Evidence Handling Procedure: volatile data (memory, running processes, network connections) and disk images are captured before remediation where feasible, cryptographic hashes of each image are recorded at acquisition, and chain of custody is maintained for every item. Affected systems are isolated rather than powered off or rebuilt until the Incident Response Lead confirms evidence capture is complete.

10. Post-incident review

A formal lessons-learned review is held within 10 working days of closure. Actions are tracked to completion in the [Company Name] risk and action register.


Approved by: [Company Owner]
Effective date: [Effective Date]
Next review: [Review Date]

Like what you see?

Get the full Data Breach & Incident Framework bundle, tailored to your business, for £20.