Skip to main content
Finpliq
Start free
← Policy library

Security

Incident Response Policy

How Finpliq identifies, responds to and communicates security incidents.

Owner
Security & Compliance
Effective from
8 July 2026
Last reviewed
8 July 2026
Review cycle
Annual or following material change

At a glance

Security incidents are triaged, contained, investigated and recorded.

Customer, ICO or HMRC notifications are made where legally or contractually required.

Full policy

Incident categories include unauthorised access, suspected data breach, tenant isolation failure, compromised credentials, suspicious admin activity, service disruption, malware, supplier incident and HMRC filing/security incident.

Response steps include detection, triage, containment, evidence preservation, eradication, recovery, communication and post-incident review.

Incident records should include timeline, affected systems, affected data, decisions, communications, remedial actions and lessons learned.

No incident communication should speculate or conceal material facts. Communications must be accurate, proportionate and timely.