Reporting and Communication

  • All critical vulnerabilities and incidents are reported to:

    • Head of Security

    • CTO and COO

    • External regulators (e.g., FCA, ICO) where thresholds are met if investors are involved

  • Maintain evidenced audit trails of:

    • Vulnerability scans

    • Patching SLAs

    • Risk treatment plans

    • External reports

References:

FCA https://www.fca.org.uk/

ICO https://ico.org.uk/about-the-ico/our-information/regulators-code/
