Data Breach Policy

Purpose

Augnito India Private Limited (AIPL) recognizes that cybersecurity and data privacy are important considerations in today’s digital world. AIPL is committed to responding quickly and decisively to any suspected or confirmed cybersecurity or data privacy incident. AIPL has crafted this Data Breach Policy and Procedures (this “Policy”) and the corresponding plan and worksheets to help those responding to an inevitable Incident.

Scope

AIPL has implemented the following procedures to follow in the event of a data breach involving personally identifying information (PII) or other confidential information maintained on personal computers, agency networks, or internet programs used by staff and volunteers.

In an effort to prevent a breach of data and PII, AIPL has implemented the following measures to prevent the breach of data:

  • Technical Support Service Provider
  • Installed anti virus intrusion notification software.
  • Agency procedures for personal access and use of agency computers
  • Org Wide compliance training to make the employees aware
  • Advisory’s on security related issues to help employee stay updated
  • Law enforcement support to locate and apprehend perpetrators.

In the event of a data breach or imminent breach of PII data, in order to contain the data breach and minimize the extent of the intrusion:

  • Disconnect the affected and related systems or networks from Internet access.
  • Contact the infosec team (infosec@augntio.ai) to notify them of the data breach or imminent breach of PII data.
  • Inform Cert-In if required
  • Document in incident security tracker with the following details- date and time the breach occurred, what files the user was accessing at the time of the breach, the authorized person contacted, and actions taken to secure data.
  • Review virus/malware/other protective software to review system vulnerabilities and increase the level of protection for the system.
  • If possible, reimage the system and restore from backup files
  • Issue advisory to employees based on learning from the incidence to help employee respond better to such incidents.

Following the incident, AIPL staff will review procedures to determine if any actions by the user or the team contributed to the data breach. If found so, disciplinary action will be initiated against the employee in fault. Employees will be updated on policies to protect against data breaches or imminent breaches of PII data.

IT team will review software, updates, and software/data protection programs to improve the security of the data and operating system to prevent further incidents. Information related to the data breach will be documented on the incident log, repairs or modifications implemented will be included on the log and kept in a secure location.

A periodic review of reported incidents will be shared with the management by the information security team to align and improve the system based on their inputs.