Incident Management Policy
Purpose: to identify, analyze, respond to, and recover from data security incidents with minimal damage and prompt notification.
Policy Statement
Wise Telecoms recognises data breaches may occur and therefore maintains this Incident Management Policy to minimise damage, cost, and recovery time. The policy focuses on identification, risk analysis, response, remediation, and stakeholder notification.
Definitions
- Accessor: staff member appointed to undertake impact assessments.
- Data Breach: accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
- Data Controller: Wise Telecoms Limited.
- Impact Assessment: risk assessment to determine scope and damage.
Scope
This policy applies to all information Wise Telecoms accesses or processes in the course of business, across all devices and personnel including contractors and agents.
Containment & Recovery
On discovering a breach the Company will:
- Immediately contain and respond to prevent further damage.
- Conduct an Impact Assessment to identify remediation steps.
- Notify the Data Protection Officer (DPO) as required by law.
- Contact DPO: Mrs. Chidinma Olisa (Co-Founder; Katwig & Dale) — address and email are provided in the original document.
Contact details in original: Plot 4A Justice Coker Estate, Ikeja, Lagos; email: info@katwigandDale.com; phone: +2348131500009.
Assessing Risk
Risk assessment factors include type of data involved, sensitivity, encryption protections, fate of the data, and level of detail exposed.
Notifications
- Notify DPO and appropriate stakeholders following assessment.
- Notify the Nigerian Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach.
- Notify affected Data Subjects where the breach poses high risk to rights and freedoms.
- Assess whether police, banks, or other regulators should also be notified.
Evaluation & Response
All breaches must be documented, investigated, and evaluated. The Company will establish an Information Security Board to review incidents and recommend changes to policies and controls. Periodic testing and staff awareness training will be done; disciplinary action will apply to policy violations.