Incident Response

Security is Our Priority

In a way, that explains our seemingly intense approach to data security, and it should also explain our primary purpose for publishing this policy for responding to data breaches of any kind as they happen.

Our reasons for establishing this policy are numerous, but the primary purpose is to establish a corporate culture that reflects just how valuable all elements of our operation are. Not only is our company valuable, but our customers are even more so. In addition, the integrity of our software is just as valuable because it serves as a vital cog in the dayto-day operations of our thousands of customers.

PolicyPak is dedicated to the protection of our own intellectual property, as well as the security, safety, integrity, and privacy of our customers and their workers. That is why one of our primary goals is to maintain a strong commitment to protecting our own products.

Our Approach to Breach Remediation

Simultaneously, we thoroughly investigate any potential breach and then we decide on the most appropriate response to any security problem based on a strategy of identify and confirm, we also reserve the right to choose our response to the security breach and address any and all concerns uncovered in the investigation.

In addition, PolicyPak reserves the right to take whatever safeguards we find appropriate to address the observed security breaches and to remediate any appropriate security vulnerabilities we discover throughout the process through any process we deem necessary to restore order, including those designed to stop the breach and put a stop to any loss of data, removing previously secure information from the internet and making all websites secure, and reassessing the access privileges of third-party service providers.

Policy Procedures and Our Approach to Security

This Policy describes the PolicyPak approach to safety, security, and privacy. It describes what we will do whenever we detect any kind of problem that threatens data that is in our possession, or any data that we manage on behalf of ourselves or our customers. PolicyPak chooses to take this approach for every bit of data we deal with, regardless of how much or how little we actually store, process, or manage the data. This Policy will also describe the actions we take based on the type of data breach and its perceived severity. We do all this on behalf of our customers because we value them and their security and privacy.

As you will see from this data breach policy statement, PolicyPak also strives to provide our customers with ongoing technical support, as a vital aspect of our commitment to our users' safety, security, and privacy. When it comes to constantly tweaking our security practices, we do so as a way to reduce and possibly even eliminate the exposure of risk related to security.

How to Report a Data Breach

Anyone who believes they have encountered any sort of security problem, including an exposure of sensitive data or data subject to protection as defined in the law with regard to privacy and cybersecurity, or in PolicyPak policy and procedure documents, should immediately have a detailed description of the possible violation then call 1-800-883- 8002.

Every security breach report we receive is and always will be thoroughly investigated by the PolicyPak security team, first to confirm that a security breach actually happened, and then to apply it to our fully developed procedures for breach responses.

Once a data breach or other type of security problem has been identified and confirmed, we will begin the process of removing access to the compromised data or other resource.

The full response will be determined by a team assembled by PolicyPak security personnel from virtually every area of the company, including Human Resources, Legal, Information Systems and Security, Business Operations and Management and more. They will respond with data forensics in order to determine the source of the security problem, as well as who is responsible and a detailed list of those who have been impacted by the security problem.

Overall, it is important to note that everything in this document is intended to demonstrate PolicyPak's unrelenting commitment to making sure our customers can trust us to properly care for their safety and data security, and to make sure they know that our software will always incorporate the latest and most effective security measures to keep their data as secure as possible at all times.

In order to always keep that commitment to everyone who uses our software, we also have committed to review our policies at least once per year and updated to keep our policies and procedures both current and effective.