Does Fininly have a defined cybersecurity incident management process?

In the event of such a Security Incident, Fininly shall provide you with a detailed description of the Security Incident and the type of Personal Information concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority.

Fininly shall without undue delay (and in any event within thirty-six (36) hours) inform the affected customer in writing, whenever Fininly reasonably believes that there has been an Information Security Incident.

Fininly shall inform the customer with as many details as known at that time (and regularly update the customer thereafter in writing or by email followed by a written notification) setting out in reasonable detail, without limitation, the nature of the information compromised, threatened, or potentially compromised, the specific information compromised or potentially compromised and of all events which may adversely affect the Vendor's ability to provide the Service.

Following such notification, Fininly will take reasonable steps to mitigate the effects of the Security Incident and to minimize any damage resulting from the Security Incident.

Fininly will assist and cooperate with affected customers with any necessary or appropriate disclosures and other investigative, remedial, and monitoring measures as a result of the security incident.

Does Fininly have external reporting procedures in place for cybersecurity or privacy incidents?

Incident report is handled as part of our incident management process, whereby incidents impacting customers are reported to respective customers.

For privacy-specific incidents, the process is governed by the DPA customers, and authorities are informed as required by the law.

How can incidents be reported?

Incidents can be reported through our Incident Reporting form.

What SLA is offered for the solution?

SLA: 99,5%