Security incident handling at twoday
twoday's approach to addressing security incidents involves a structured procedure designed to minimize impacts on both twoday and its customers. To safeguard against these incidents, twoday has established a dedicated team and a defined protocol.
Engagement of twoday Data Protection Organization
The twoday Protection Council convenes monthly to evaluate relevant incidents as well as the process itself, keeping our security incident toolbox as effective as possible.
For inquiries about the process, please contact us at security@twoday.com.
The incident handling process
Alert Reception
twoday promptly responds to potential security incidents reported either by customers or twoday employees. A designated Incident Coordinator is appointed, and the Security Operations team is immediately activated. Employees are trained to recognize and report security incidents, ensuring swift response. If you need to report an incident, reach out to your customer contact or send an alert to security@twoday.com. The team operates 24/7.
Assessment and Resolution
A specialized Incident Response Team investigates the incident's root cause and resolves it. This team comprises cybersecurity experts with diverse technical skills, collaborating with the affected product's specialists. twoday's Security Operations team manages day-to-day security operations and acts as the incident handling experts, providing training and guidance to product teams.
twoday Group Legal, alongside the local Data Protection Manager, ensures risk assessment and effective communication. Internal and external stakeholders are continuously updated through dedicated incident chat rooms. Mitigating actions are taken promptly, with details documented in the Incident Report, including root cause analysis, incident specifics, and consequences for affected data subjects.
Crisis Management
Incidents with significant negative impacts are categorized as crises. The crisis management team, including twoday Group Management and relevant company members, mobilizes and establishes clear roles, responsibilities, and actions. This process focuses on crisis impact assessment, handling, and closure.
Reporting to Local Data Protection Authorities
twoday operates globally, reporting incidents in the countries where affected data subjects reside. Reporting occurs if twoday is the data controller; if twoday is the data processor, the data controller (customer) decides on reporting. twoday advises customers to adhere to EDPB guidelines.
Review and Closure
Upon resolution and return to normal operations, a Review Meeting is held with all participants, including twoday Group Legal. The Incident Report is meticulously reviewed for completeness. Process adherence is also evaluated, enabling continuous improvement and training enhancements for the incident response team.