What is Sutori's breach plan and policy?
Overview
All Sutori staff have a responsibility to remain vigilant and protect the data stored within the systems we support. In the event of a cyber security incident, Sutori's staff have been trained to expeditiously deal with the matter.
Any event that threatens the confidentiality, integrity or availability of the information resources we support or utilize internally should immediately be reported to management. Teachers, students and parents are encouraged to notify Sutori immediately of possible breaches or improper disclosures of data by emailing us at info@sutori.com
Incident Types
Types of cyber incidents that may threaten Sutori are:
Unauthorized attempts to gain access to a computer, system or the data within
Service disruption, including Denial of Service (DoS) attack
Unauthorized access to critical infrastructure such as servers, routers, firewalls, etc.
Non-compliance with security or privacy protocols
Data theft, corruption or unauthorized distribution
Documentation
Regardless of whether it is determined there is a security threat, Sutori will accurately document the scenario in a Cyber Security Incident Log.
All Cyber Security Incident Logs will be stored in a single location so incident information may be reviewed in the future. This report contains the following information:
Who reported the incident
Characteristics of the activity
Date and time the potential incident was detected
Nature of the incident (Unauthorized access, DDoS, Malicious Code, No Incident Occurred, etc.)
Potential scope of impact
Communication to stakeholders
In the event the incident involves the unauthorized access or disclosure of confidential student or teacher information, Sutori will communicate information relevant to the incident via email as well as any additional requested information to which they have a right (e.g. specific student information, educator presentations, etc.).
Best practices
Sutori implements practices designed to proactively reduce the risk of unauthorized access or disclosure, such as training staff with respect to legal compliance requirements, following appropriate physical security and environmental controls for technical infrastructure, and deploying digital security measures such as firewalls, malware detection and numerous other industry standard systems.
Updated on: 17/08/2022