Incident management and breach notification

Last updated July 2, 2026

We maintain a structured incident management process aligned with ITIL best practice. If a security incident affects client data or systems:

1. Detection and triage

Security events are identified through monitoring, alerting and manual reporting channels, triaged by severity, and assigned to response personnel. Critical incidents involving client data are escalated immediately.

2. Containment and eradication

Affected systems are isolated to prevent further impact. Root cause analysis identifies the attack vector or failure point, and remediation eliminates the threat.

3. Client notification — within 24 hours

You are notified of any confirmed security incident affecting your data within 24 hours of confirmed detection, including the nature of the incident, the data potentially affected, containment actions taken, and recommended next steps.

Where the Notifiable Data Breaches (NDB) scheme applies, we support you in meeting your notification obligations to the Office of the Australian Information Commissioner (OAIC).

4. Recovery and lessons learned

Systems are restored from verified clean backups where required. A post-incident review identifies improvements, and the findings are documented and shared with you.

Still need help?

Can't find what you're looking for? Get in touch with our support team.