PainChek treats all reported cybersecurity, application, and server incidents with the highest level of urgency. PainChek has a documented Incident Management Policy (in line with our commitment to ISO-27001), and documented business continuity plans.
In general, our incident response follows standard, and documented steps including: Identification, Containment, Remediation, Root-cause analysis, and a formal post-mortem and approval process.
PainChek uses a number of methods to detect incidents, including up-time monitors, system response alerting, proactive monitoring of threat detection systems (GuardDuty).
Outside of our internal detection methods, we encourage all users and personnel to report any suspicious events, usage or activity to PainChek by emailing: security@painchek.com
Examples of reportable incidents may include, but not limited to:
-
Seeing data that does not belong to your organisation.
-
An unexplainable loss of previously existing data.
-
Defacement of the PainChek cloud portal pages, or PainChek website.
-
Being able to, or having a user reporting being able to perform actions they were not granted permission to.
Once we receive your report, we will ensure regular communication to keep you informed of the progress of the investigation.
Software vulnerabilities or exploits can be reported to security@painchek.com. PainChek is committed to promptly verifying and remediating (where deemed necessary), all reports.