Security Incident Response Plan


This document explains how bindCommerce has planned to handle any security incidents.

Analysis and documentation of the incident

bindCommerce manages a Security Incidents Log. This log is placed in the space Direzione, folder  “/Data Protection / Security Incidents Log” inside to the project management system Clickup.

The following information is collected for each register:

  • Date of discovery
  • Name of the person who reported the incident
  • Name of the security manager
  • Details of the incident
  • Personally Identifiable Information involved
  • Companies / Marketplace from which the data originates
  • Communications register
  • Investigation of the causes
  • Corrective actions
  • Planning preventive actions to prevent it from happening again
  • Folder for attachments (folder in the corporate document management system where be save all evidences of the incident)

Security manager

The security manager is the person who coordinates the analysis, write or approve the documentation and take decisions about the security incident.

The security manager must follow the company guidelines and propose new rules to improve the process.

Communication of the incident

In order to respect the European laws (GDPR), we must report a notifiable breach to the “Garante per la protezione dei dati personali” (Italian guarantor for the protection of personal data) without undue delay, not later than 72 hours after becoming aware of it (ref. https://www.garanteprivacy.it/web/guest/regolamentoue/databreach).

If the incident involves data from Amazon, the security manager will inform Amazon (via email to This email address is being protected from spambots. You need JavaScript enabled to view it.) within 24 hours of detecting any Security Incidents and waits until the end of the 72 hours to be able to make a communication in agreement with Amazon.

Revision of this document

The company must review and verify the plan every six (6) months and after any major infrastructure or system change.

Last update of this document: 27/03/2022

0 of 5 - 0 votes
Thank you for rating this article.

bindCommerce

bindCommerce s.r.l.

VAT Number IT07798861212 - SDI M5UXCR1
Registered in Napoli - REA: NA - 910618
Share capital € 20.000,00 fully paid
Tel: +39 011 089 122 0
E-mail: [email protected]

PON 2014>20 Riaccendiamo lo sviluppo