RELIANOID Incident Response & Reporting Procedures

Last Reviewed: 14th April 2025
Next Review Due: 14th April 2026
Status: RELIANOID is committed to maintaining high standards of cyber resilience, transparency, and proactive incident management.
(Public Summary)

Purpose

At RELIANOID, we take the security and continuity of our services seriously. This Incident Response & Reporting Policy outlines how we detect, respond to, and communicate about security incidents that may affect our systems, customers, or partners. Our goal is to minimize disruption, protect data, and ensure regulatory compliance.

What Is a Security Incident?

A security incident is any event that may:

  • Disrupt service availability (e.g., DDoS attacks)
  • Involve unauthorized access to data or systems
  • Affect confidentiality, integrity, or availability of information
  • Require investigation or action under GDPR, DORA, or NIS2

Incident Response Lifecycle

RELIANOID follows a structured 5-phase incident response process:

PhaseActions
1. DetectionMonitor logs, alerts, and reports for unusual or unauthorized activity
2. ContainmentIsolate affected systems or services to limit impact
3. EradicationIdentify and remove the root cause (e.g., malware, misconfigurations)
4. RecoveryRestore systems, validate integrity, and resume normal operations
5. Lessons LearnedConduct a post-incident review, document findings, and improve controls

Preparedness Measures

  • Continuous monitoring and automated threat detection
  • Regular vulnerability scans and penetration testing
  • Incident Response Plan (IRP) drills and tabletop exercises
  • Defined roles for the Security and Engineering Teams

Customer Notification Process

If a confirmed incident impacts customer data or service, RELIANOID will:

  • Notify affected customers without undue delay
  • Share details of the scope, root cause, and remediation steps
  • Assist in regulatory notifications (if applicable)
  • Maintain secure communication channels throughout the incident

How to Report a Security Issue

We welcome responsible disclosure of potential vulnerabilities or incidents.
If you suspect a security issue affecting RELIANOID please contact us. Include details like logs, IP addresses, and timestamps when available.

We aim to acknowledge all reports within 24 hours and resolve valid issues promptly.

Recordkeeping and Compliance

  • All incidents are logged and retained for audit purposes
  • Reports may be shared with regulators, as required under DORA or NIS2
  • Our team tracks metrics like Time to Detect (TTD) and Time to Respond (TTR)