Do you have any incident response programs in place?
All reports of information security weaknesses/incidents or events relating to any of Maytech’s information assets are within the scope of:
If the incident results in unauthorised access to customer data we will inform the Customer within one hour on what actions have been taken and what controls are put into place to prevent any repeat incidents.
Users are not allowed to continue working after identifying a possible weakness/incident or information security event which affects their activities.
What is your process for notifying customers of data breaches?
On identification of any breach we would inform the Customer within an hour or as soon as is practicable.
What is your process for identifying newly discovered security vulnerabilities?
Maytech security team keep abreast of the security landscape via weekly and monthly subscriptions to industry related news, daily vulnerability scanning of services and via an annual penetration test.
Are your information security controls regularly assessed by an internal audit team? If so, please describe and provide their findings.
Yes, we conduct thorough internal audits which cover core aspects of the ISMS throughout the year. Results available on request.