Incident Response Policy

Note: Vidovo, Inc is referred to as "Vidovo" throughout this document.

Purpose

This Incident Response Policy establishes Vidovo's procedures for responding to security incidents, particularly those involving data breaches or unauthorized access to information.

Scope

This policy applies to all security incidents affecting Vidovo's systems, data, or information assets.

Security Incident Definition

A security incident includes any event that compromises the confidentiality, integrity, or availability of Vidovo's information systems or data, including but not limited to:

  • Unauthorized access to systems or data
  • Data breaches involving customer or business information
  • Malware infections or system compromises
  • Loss or theft of devices containing sensitive data
  • Unauthorized disclosure of confidential information

Incident Response Procedures

Detection and Reporting

All employees, contractors, and personnel who become aware of a security incident must immediately report it to Vidovo management.

Initial Response

Upon receiving notification of a security incident, Vidovo management will:

  • Confirm and assess the incident
  • Contain the incident to prevent further damage
  • Preserve evidence as appropriate
  • Investigate the scope and impact of the incident

Breach Notification

In the event of a security incident involving a data breach, Vidovo will make reasonable efforts to notify affected parties if:

  • Their contact information is still on file with Vidovo, and
  • Their contact information was shared with or made available to Vidovo

Method of Notification: Notification will be provided via email, postal mail, or other reasonable means based on available contact information.

Timing: Notification will be provided in accordance with applicable legal requirements and as soon as reasonably practicable following confirmation of the breach.

Disclaimers and Limitations

No Guarantees

Vidovo makes no guarantees regarding:

  • The detection of all security incidents
  • The prevention of security incidents or data breaches
  • The completeness or accuracy of breach notifications
  • The ability to successfully notify all affected parties
  • The timeframe for incident detection, response, or notification

Notification Limitations

Vidovo's ability to notify affected parties is limited by:

  • The availability and accuracy of contact information on file
  • Whether contact information was provided to or shared with Vidovo
  • Changes to contact information that have not been communicated to Vidovo
  • Technical limitations in reaching affected parties

Vidovo is not responsible for failed notifications due to outdated, incorrect, or unavailable contact information.

Contact Information Updates

Affected parties are responsible for maintaining current contact information with Vidovo. To update contact information, please contact:

Vidovo
Email: contact@vidovo.com

Post-Incident Activities

Following a security incident, Vidovo will:

  • Document the incident and response actions taken
  • Identify root causes and contributing factors
  • Implement corrective actions to prevent similar incidents
  • Review and update security policies and procedures as needed

Policy Review

This policy will be reviewed and updated periodically or as needed based on changes in business operations, legal requirements, or lessons learned from security incidents.

Contact Information

To report a security incident or for questions about this policy:

Vidovo
Email: contact@vidovo.com