Procedure for monitoring, handling, and following up on security incidents and security-related customer complaints
AU-4.7.6
The applicant should provide a procedure for monitoring, handling and following up on security incidents and security-related customer complaints, containing, but not limited to, the following information:
(a) organisational measures and tools for the prevention of cyber events and fraud;(b) details of the individual(s) and bodies responsible for assisting customers in cases of fraud, technical issues and/or claim;(c) reporting lines in cases of fraud;(d) the contact point for customers, including a name and email address;(e) the procedures for the reporting of incidents, including the communication of these reports to internal or external bodies, including notification of major incidents to national competent authorities;(f) the monitoring tools used and the follow-up measures and procedures in place to mitigate security risks.Added: December 2018
