Data Breach Incident Response Plan

Purpose & Introduction

This plan has been produced to provide a coordinated, best-practice response to a data security breach, which can happen for a number of reasons, including but not limited to:

- Loss or theft of data or equipment on which data is stored
- Inappropriate access controls allowing unauthorised use
- Equipment failure
- Human error
- Unforeseen circumstances such as fire or flood
- Cyber attack
- Social engineering offences, where information is obtained by deceiving the organisation that holds it
Scope of the Incident Response Plan

This document identifies numbered tasks that set out the order of steps to be taken in the event of an incident. The plan consists of four key elements:

- Containment & Recovery
- Assessment of ongoing risk
- Notification of breach
- Evaluation and response
Containment & Recovery

All incidents or suspected incidents must be reported immediately to the Incident Manager. The Incident Manager may decide to convene the Incident Response Management Team, dependent on the impact and scale of the incident.

Global Steel Exports, 31 Greenhill Crescent, Watford Business Park, Watford, WD18 8YB. Tel: +44 (0) 1923 658575 658546 Website: www.globalsteelexports.com Registration no: 10517458

An initial breach evaluation, containment and recovery plan needs to be put into action quickly based on the following:
1. What is the scale and extent of the breach?
2. Are some systems operating normally?
3. Do we need to take steps to limit or constrain the breach?
4. What resources are required to limit the damage and recover quickly?
5. What is the best way to recover from the breach, taking into account:
   a.) Risks
   b.) Impact
   c.) Timescales
   d.) Business damage
      i. Reputational
      ii. Commercial
      iii. Legal
Assessing the Risks

6. What are all the types of data that have been breached by the incident (PCI, PII, Special Category, Business Sensitive, etc.)?
7. Assess the potential impact and/or damage to the rights and freedoms of the individuals whose personal data has been breached, if applicable.
8. Who needs to be informed internally and externally?
   a.) Those responsible internally for the specific data that has been breached
   b.) The Board of Directors
   c.) The individuals themselves, if there is likely to be an impact on them
   d.) The Regulator (ICO)
   e.) The Police
   f.) Insurers
   g.) Bank and/or credit card companies
9. What are the ongoing risks, taking into account:
   a.) Freedoms, rights, impact or damage to individuals
   b.) Business risks
   c.) Business impact
   d.) Business damage – reputational, commercial or legal
Notification of Breach

Where the breach includes personal data relating to a large number of individuals and/or there is likely to be an impact on those individuals, the ICO must be informed.

10. Notifications of a breach will include:
   a.) How and when the breach occurred
   b.) What data was involved
   c.) The level of risk and potential impact that the breach may introduce
   d.) The actions we have already taken to mitigate the risks and impact
   e.) Any ongoing risks that are posed by the breach
   f.) Clear and specific advice and recommendations for individuals or organisations on any actions they need to take to protect themselves following the breach
   g.) A description of any other help we are going to provide to help them protect themselves
   h.) Details of how the individuals or organisations can contact us, or other ways to get further information and/or updates on the breach
Evaluation & Response

11. A post-incident evaluation of how the breach occurred, how it could have been avoided, how it was managed and any lessons learnt must be carried out and documented for each breach incident. The output from the evaluation must be used to update the Breach Management Plan appropriately.
Data Breach Incident Response Management Team

Name          Role                              Contact Number
Chris Gill    Incident Manager (IM)             07525838638
Nick Umney    Services & Solutions Director     07788393000
Mark Smith    Data Protection Officer (DPO)     07980697499