Incident & Data Breach Policy

1. Introduction

1.1 This policy sets out the procedure to be followed to ensure a consistent and effective approach is in place for managing data breaches and information security incidents.

1.2 The objective of this policy is to help e-Learn Design (ELD) clients contain breaches, minimise the risk associated with a breach, and consider what action is necessary to prevent further breaches and information security incidents.

2. Definitions/types of breach

2.1 For the purpose of this policy, data security breaches include both confirmed and suspected incidents.

2.2 An incident in the context of this policy is an event or action which may compromise the confidentiality, integrity or availability of systems or data, either accidentally or deliberately.

2.3 An incident includes, but is not restricted to, the following:

  • system failure;
  • unauthorised use of, access to or modification of data or information systems;
  • attempts (failed or successful) to gain unauthorised access to information or IT system(s);
  • unauthorised disclosure of sensitive/confidential data;
  • hacking attack;
  • password compromise;
  • human error; or
  • ‘blagging’ offences, where information is obtained by deceiving the organisation that holds it.

3. Reporting an incident

3.1 Confirmed and suspected data breaches and information security incidents will be reported internally by ELD staff, following documented procedures and protocols.

3.2 Confirmed and suspected data breaches and information security incidents should be reported by clients via email to security(at)e-learndesign(dot)co(dot)uk, by calling 0845 474 4512, or through the helpdesk reporting web page.

4. Containment & recovery

4.1 Once notified internally of a confirmed or suspected data breach or security incident, ELD will take the appropriate steps for containment and mitigation of potential data loss.

4.2 Once notified by a client of a confirmed or suspected data breach or security incident, ELD will take the appropriate steps to assist them in containment and, where possible, recovery of any lost data through backups.

4.3 Should a confirmed or suspected data breach or security incident be due to a client password compromise, clients should update their passwords as soon as possible.

5. Investigation & impact assessment

5.1 Immediately following any incident, a full investigation (including root-cause analysis and impact assessment) will be undertaken to identify any actions necessary to prevent recurrence.

5.2 If appropriate, a report recommending client-specific changes to systems, policies and procedures will be provided for consideration.

5.3 If required, any actions necessary to prevent recurrence will be undertaken by ELD.

6. Post-incident reporting

6.1 Immediately after investigation, ELD will send reports to impacted clients with details of what the incident was, the root cause, and the steps taken and/or planned to prevent recurrence.

6.2 If deemed necessary, an official report will be made to the appropriate authority by ELD.

6.3 All breaches will be documented, even if an official report is not deemed necessary.

7. Policy changes

7.1 This policy will be updated as necessary to reflect best practices and to ensure compliance with any changes or amendments to relevant legislation.

Last reviewed: April 2024