Tropos Alerts - Incident Management Policy

1. Purpose

The purpose of this Incident Management Policy is to establish structured guidelines for the effective identification, reporting, categorization, and resolution of technology incidents related to Tropos Alerts. The policy ensures timely response, transparency, and continuous improvement in handling incidents.

2. Scope

This policy applies to:

• All employees,

• All contractors, and

• All third-party service providers
  who utilize Tropos Alerts as part of the organization’s technology infrastructure.

3. Incident Identification

3.1 Responsibility

• All employees must promptly report unusual activity, service disruptions, or security incidents related to Tropos Alerts.

3.2 Monitoring

• Automated monitoring tools will be employed to detect, log, and alert on potential incidents.

4. Incident Reporting

4.1 Channels

• Incidents must be reported through designated reporting channels, including:

  • A dedicated incident reporting platform, or

  • Direct reporting to the IT or Security department.

4.2 Report Content
Incident reports should include:

• Description of the incident,

• Affected systems/services,

• Date/time of occurrence,

• Observed or potential business impact.

5. Incident Categorization and Prioritization

• The incident response team will categorize each incident based on type (e.g., service outage, security breach, performance issue).

• Incidents will be prioritized according to severity and potential business impact (e.g., Critical, High, Medium, Low).

6. Incident Response

6.1 Containment and Recovery

• A dedicated incident response team will take immediate actions to contain, eradicate, and recover from the incident.

6.2 Procedures

• Incident handling will follow established Tropos Alerts resolution procedures tailored to the incident type.

7. Communication

• Clear and timely communication will be maintained throughout the incident lifecycle.

• Regular updates will be provided to:

  • Internal stakeholders (e.g., management, IT teams), and

  • External stakeholders (e.g., customers, partners), where applicable.

• Communication will emphasize transparency and accountability.

8. Documentation

• Every incident will be fully documented, including:

  • Timeline of events,

  • Actions taken,

  • Final resolution, and

  • Post-incident analysis.

• Documentation will support root cause analysis and preventive actions.

9. Escalation

• Severe incidents or those causing extended downtime will be escalated to higher levels of management.

• If necessary, regulatory bodies or external partners will also be notified.

10. Training and Awareness

• Employees will undergo regular training on incident reporting procedures.

• Awareness programs will reinforce the importance of timely reporting and adherence to escalation procedures.

11. Continuous Improvement

• The incident management process will be reviewed regularly.

• Lessons learned from past incidents will be integrated into updated response procedures.

• Feedback loops will ensure continuous improvement in detection, response, and prevention.

12. Compliance

This policy aligns with relevant legal, regulatory, and industry requirements related to incident management, cybersecurity, and data protection.

13. Review and Approval

• This policy will be reviewed annually.

• Updates will be approved by management and communicated to all relevant stakeholders.

14. Enforcement

• Non-compliance with this policy may result in disciplinary action, in line with the organization’s broader IT and security policies.