Applicable to: All employees, contractors, and third parties handling POPCUSTOMS & PILLAR SUPPLY LLC data or systems.
1. Purpose
POPCUSTOMS & PILLAR SUPPLY LLC is committed to maintaining a secure environment for our customers, employees, and partners. This Incident Response Policy (IRP) establishes clear procedures for identifying, containing, eradicating, and recovering from security incidents to minimize business impact and ensure compliance with legal and regulatory requirements.
2. Scope
This policy applies to all:
- IT systems, cloud infrastructure, and corporate networks
- Employees, contractors, and authorized third parties
- Data breaches, cyberattacks, system failures, and other security events
3. Incident Classification
We categorize incidents based on severity:
| Level | Impact | Example | Response Time |
|---|---|---|---|
| P1 (Critical) | High business/customer impact | Ransomware, major data breach | Immediate (24/7) |
| P2 (Major) | Significant operational disruption | Unauthorized access, DDoS | Within 4 hours |
| P3 (Minor) | Limited impact | Phishing attempt, malware detection | Within 24 hours |
4. Roles & Responsibilities
- Security Team (CSIRT): Lead technical investigation and containment.
- Legal/Compliance: Ensure GDPR, CCPA, or other regulatory reporting.
- IT Operations: Execute system recovery and patches.
- PR/Communications: Manage customer/partner notifications.
- Executive Management: Approve major actions (e.g., system shutdown).
5. Incident Response Process
Step 1: Detection & Reporting
- Employees report incidents via:
  - Email: business@popcustoms.com
  - Automated monitoring alerts (SIEM/SOC).
Step 2: Assessment & Containment
- CSIRT evaluates severity and isolates affected systems.
- Legal team determines breach notification requirements.
Step 3: Eradication & Recovery
- Remove threats (e.g., malware, compromised accounts).
- Restore systems from clean backups.
Step 4: Post-Incident Review
- Conduct a Root Cause Analysis (RCA).
- Update policies/training to prevent recurrence.
6. Communication
- Internal: Updates to stakeholders via [Slack/Email].
- Regulators: Reported per legal requirements (e.g., 72 hours under GDPR).
- Customers/Public: Disclosed only if data is compromised (approved by Legal/PR).
7. Training & Testing
- Annual tabletop exercises for CSIRT.
- Employee security awareness training.
8. Policy Compliance
Violations may result in disciplinary action. Exceptions require CISO approval.