It is important that all members of the Human Made team are aware of our Incident Response Procedure, including your own responsibilities within that procedure. This procedure also applies to people outside the organisation such as suppliers and clients and website visitors who wish to report a security incident.
A security incident is:
single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security
Reporting information security events
Information security events or system weaknesses that could lead to an incident should be reported to security@humanmade.com. If you wish to disclose an issue anonymously you should create a new email account (e.g. a throwaway/alias account) and email or security@humanmade.com. You can follow this guide to learn how to send email anonymously.
Examples of information security events are:
- Phishing emails or telephone calls
- Access violations
- Breaches of Human Made’s confidentiality policy
- Security vulnerabilities on Human Made’s website or our plugins
- Security vulnerabilities on client websites
- Uncontrolled system changes
- Staff misconduct relating to information security
- Loss of laptop or mobile phone
- Security weaknesses or data breaches at suppliers, partners or clients
security@humanmade.com can be accessed by:
- Members of the executive team
- Ryan McCue
- Petya Raykovska
Security incidents will be logged in the Incident Response Log.