Incident Response & Security Policy

Back to Document Center

​

Effective Date: 30 April 2025

​​​​​

This Incident Response & Security Policy ("Policy") outlines the security measures and incident response framework implemented by ByteWise Techlabs LLP. ("Company") for its AuditWise platform. This Policy ensures compliance with industry standards and regulatory requirements.

​

1. Purpose & Scope

This Policy establishes a structured approach to detecting, reporting, managing, and mitigating security incidents affecting AuditWise. It applies to:

• All employees, contractors, and third-party service providers handling AuditWise data.

• All systems, networks, and applications involved in AuditWise operations.

​

2. Incident Classification

Security incidents are categorized based on severity:

​​

​

​

​

​

​

​

​

​

​

​

​

​​​

3. Incident Detection & Reporting

3.1 Detection Methods:

• Automated monitoring and alerts through available systems.

• Employee & customer reports via designated security contacts.

​

3.2 Incident Reporting:

• All security incidents must be reported immediately to compliance@auditwise.io.

• Employees must use designated reporting channels (internal security team, hotline, or ticketing system).

​

4. Incident Response Process

4.1 Incident Response Stages

1. Identification: Confirm if a security event qualifies as an incident.

2. Containment: Implement immediate steps to prevent further damage.

3. Eradication: Remove threats, malware, or unauthorized access.

4. Recovery: Restore affected systems to a secure state.

5. Post-Incident Review: Document lessons learned and improve security controls.

​

4.2 Incident Response Team (IRT)

The Incident Response Team (IRT) includes:

• Incident Manager (Leads response coordination)

• IT & Security Team (Technical investigation and containment)

• Legal & Compliance (Regulatory reporting and notifications)

• Communications Team (Customer notifications, if needed)

​

5. Breach Notification & Compliance

5.1 Notification to Customers

• If a data breach occurs, affected customers will be notified within 48 hours.

• The notification will include:

  • Nature of the breach

  • Data impacted

  • Mitigation steps taken

  • Further recommended actions

​

5.2 Regulatory Compliance

• Incidents will be reported to relevant regulatory authorities as per compliance requirements.

• AuditWise maintains an Incident Log for all security events.

​

6. Preventive Security Measures

• Multi-factor authentication (MFA) for all access points (wherever available).

• Regular security audits and penetration testing.

• Encryption (AES-256) for data at rest and in transit.

• Access Control Policies restricting sensitive data access.

• Continuous employee security awareness training.

​

7. Third-Party Security & Vendor Management

• Third-party vendors handling AuditWise data must comply with security standards equivalent to those outlined in this Policy.

• Regular third-party security audits are conducted.

​

8. Policy Review & Amendments

• This Policy is reviewed annually and updated as needed to align with emerging threats and compliance requirements.

​

9. Contact Information

For any security concerns or incident reports,

• Support Email: support@auditwise.io

• Compliance Email: compliance@auditwise.io

​​

Thank you for trusting AuditWise!

​​

​Back to Document Center

​