The Security Team is involved in any incident where the content of the incident is related to the following scope:

• Physical security incidents,

• Third party IT security policy violations, attacks or intrusions

• Internal IT security policy violations

• Attempted policy violations, attacks or intrusions.

We have policies that define our standards and guidelines of the program, with documented procedures that detail handling, communication, and reporting to customers, regulators, and law enforcement.

The team will follow the Data Breach Notification Procedure to notify relevant internal and external parties.

Security incidents are reviewed regularly by the Security Steering Committee which consists of senior stakeholders from across the business.