Cybersecurity Event Response

Purpose:

To define the process for identifying, responding to, and mitigating cybersecurity events and incidents that could impact the security of Pitaka’s systems, data, and users, in compliance with applicable Philippine laws and regulations.

Scope:

This policy applies to all employees, contractors, and third-party vendors involved in managing or accessing Pitaka’s systems, networks, and data.

Policy

1. Incident Detection and Reporting:

All cybersecurity incidents, including data breaches, unauthorized access, malware infections, denial-of-service attacks, and other suspicious activities, must be reported immediately to the designated security team. Pitaka will deploy continuous monitoring tools and establish logging mechanisms to detect potential security threats in real time. Users and employees must be trained to recognize and report cybersecurity events promptly.

2. Incident Response Team (IRT):

Pitaka will establish a dedicated Incident Response Team (IRT) responsible for managing and mitigating cybersecurity incidents. The IRT will consist of personnel with the technical expertise to assess, contain, and respond to cybersecurity events. The team will maintain updated contact information for key stakeholders, including external experts, legal counsel, and regulatory authorities.

3. Incident Response Phases:

The cybersecurity event response will follow a structured, multi-phase process:

a. Identification:

The IRT will investigate reported incidents, using logs, security tools, and user reports to confirm whether a cybersecurity event has occurred. The scope and impact of the event will be assessed, including which systems, data, or users are affected.

b. Containment:

Immediate measures will be taken to contain the incident, such as isolating affected systems, disconnecting compromised devices, or blocking malicious traffic. The IRT will work to prevent further damage or data loss during this phase.

c. Eradication:

The root cause of the incident (e.g., malware, exploited vulnerability) will be identified and removed from the affected systems. Steps will be taken to prevent the recurrence of the incident, including applying patches, updating software, or revising security configurations.

d. Recovery:

Once the incident has been contained and eradicated, affected systems and data will be restored to full functionality. The IRT will verify that all vulnerabilities have been addressed before restoring services, ensuring no residual threats remain.

e. Post-Incident Review:

A post-incident review will be conducted to analyze the incident, assess the effectiveness of the response, and identify any gaps or improvements in the incident response process. A formal incident report will be compiled, including details of the incident, actions taken, and recommendations for future prevention.

4. Communication and Notification:

In the event of a data breach or significant cybersecurity event, the IRT will notify affected users, management, and regulatory authorities (e.g., National Privacy Commission, Bangko Sentral ng Pilipinas) in accordance with relevant laws and regulations. Affected parties will be informed of the nature of the incident, the data potentially compromised, and the steps they can take to protect themselves.

The incident response process will comply with the Data Privacy Act of 2012, the Cybercrime Prevention Act of 2012, and any other relevant Philippine laws and regulations. Regular audits and assessments will be conducted to ensure the incident response plan aligns with legal requirements and industry best practices.

6. Incident Logging and Documentation:

All cybersecurity events and incidents must be logged, including the timeline of the event, actions taken, personnel involved, and outcomes. Documentation will be securely stored and made available for future audits, investigations, and lessons learned.

7. Training and Awareness:

All employees and contractors must undergo regular cybersecurity training to stay informed about the latest threats and incident reporting procedures. The Incident Response Team will conduct periodic simulations and drills to test the effectiveness of the response plan and ensure readiness.

8. Continuous Improvement:

Following each incident, the response plan will be updated based on lessons learned and evolving threats. Feedback from post-incident reviews will be used to enhance detection mechanisms, improve response procedures, and strengthen preventive measures.

9. Policy Enforcement:

Non-compliance with this policy may result in disciplinary actions, including termination of employment or revocation of system access. Violations of cybersecurity protocols may also result in legal action depending on the severity of the incident.