<h1>Incident Response Policy</h1>
<p><strong>Effective Date:</strong> 30 June 2025</p>
<p>This Incident Response Policy outlines Uzabiz’s procedures for identifying, managing, and responding to security incidents in a timely and effective manner.</p>
<h2>1. Purpose</h2>
<p>The purpose of this policy is to minimize the impact of security incidents, ensure continuity of services, and protect customer data, systems, and reputation.</p>
<h2>2. Scope</h2>
<p>This policy applies to all Uzabiz employees, contractors, and third-party service providers who use or manage systems and data belonging to Uzabiz.</p>
<h2>3. Definition of a Security Incident</h2>
<p>A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information, or interference with system operations. Examples include:</p>
<ul>
<li>Phishing or malware attacks</li>
<li>Unauthorized access to systems or data</li>
<li>Data loss or breaches</li>
<li>Denial-of-service (DoS) attacks</li>
<li>System compromise or unusual behavior</li>
</ul>
<h2>4. Incident Response Team (IRT)</h2>
<p>The Uzabiz Incident Response Team (IRT) is responsible for managing incidents and includes representatives from IT, Legal, Security, and Executive Management.</p>
<h2>5. Incident Response Phases</h2>
<ol>
<li><strong>Identification:</strong> Detect and confirm the security incident.</li>
<li><strong>Containment:</strong> Limit the scope and impact of the incident.</li>
<li><strong>Eradication:</strong> Remove the root cause and eliminate the threat.</li>
<li><strong>Recovery:</strong> Restore systems and services to normal operations.</li>
<li><strong>Lessons Learned:</strong> Document findings and improve future response procedures.</li>
</ol>
<h2>6. Reporting Incidents</h2>
<p>All suspected incidents must be reported immediately via email to <a href=”mailto:security@uzabiz.com”>security@uzabiz.com</a> or through the internal reporting platform.</p>
<h2>7. Notification and Communication</h2>
<p>Uzabiz will notify affected parties, regulators, or customers in accordance with applicable laws and contractual obligations, typically within 72 hours of confirming a breach.</p>
<h2>8. Documentation and Review</h2>
<p>All incidents will be documented, including the timeline, actions taken, and resolution. The Incident Response Policy will be reviewed annually or after any major incident.</p>
<h2>9. Enforcement</h2>
<p>Failure to comply with this policy may result in disciplinary action, including termination of access or employment.</p>
<h2>Contact</h2>
<p>For more information or to report a concern, contact the Security Team at <a href=”mailto:security@uzabiz.africa”>security@uzabiz.africa</a>.</p>
