Purpose

Procedures for responding to security incidents and data breaches.

Scope

Applies to any security incident affecting Movement.so systems or customer data.

Incident Types

• Unauthorized access to systems or data
• Data breach or exposure
• Malware or cyberattack
• Suspected account compromise

Response Procedure

1. Detection & Reporting (0-1 hour)

• Any team member discovering a potential security incident reports immediately to senior management via Slack or Email
• Document: what happened, when discovered, what systems affected

2. Assessment (1-2 hours)

• Senior management assesses severity and scope
• Determine if customer data is affected
• Contain the incident (e.g., disable compromised accounts, block malicious IPs)

3. Containment & Resolution (2-24 hours)

• Stop the incident from spreading
• Remove threat from systems