AU-4.7.6
The applicant should provide a procedure for monitoring, handling and following up on security incidents and security-related customer complaints, containing, but not limited to, the following information:
(a) organisational measures and tools for the prevention of cyber events and fraud;
(b) details of the individual(s) and bodies responsible for assisting customers in cases of fraud, technical issues and/or claim;
(c) reporting lines in cases of fraud;
(d) the contact point for customers, including a name and email address;
(e) the procedures for the reporting of incidents, including the communication of these reports to internal or external bodies, including notification of major incidents to national competent authorities;
(f) the monitoring tools used and the follow-up measures and procedures in place to mitigate security risks.
Added: December 2018