Last Updated: August 18, 2025
1. Purpose
This policy establishes a structured and documented approach for detecting, reporting, assessing, responding to, and recovering from security incidents that may affect TheAgencyFounder systems, applications, services, client data, or third-party integrations.
Our goal is to:
- Minimize damage and reduce recovery time and costs.
- Protect the confidentiality, integrity, and availability of information assets.
- Meet legal, regulatory, and contractual obligations, including Meta’s TPA requirements.
2. Scope
This policy applies to:
- All employees, contractors, interns, and third-party service providers of TheAgencyFounder.
- All systems, applications, databases, networks, and cloud services used in business operations.
- All client and partner data (including Meta-provided data).
3. Definitions
- Incident: Any event that compromises—or has the potential to compromise—confidentiality, integrity, or availability of information or disrupts operations.
- Examples: Data breaches, unauthorized access, malware infections, phishing attacks, system outages, insider threats, policy violations.
4. Roles & Responsibilities
Incident Response Team (IRT):
- Incident Response Manager (IRM): Overall coordination, decision-making, escalation to leadership & Meta.
- IT Security Lead: Technical investigation, containment, eradication, and recovery.
- Legal & Compliance Officer: Regulatory reporting, legal assessment, contractual obligations.
- Communications Lead: Internal and external notifications, including client and public updates.
5. Incident Response Lifecycle
5.1 Preparation
- Maintain and regularly update the incident response plan.
- Train employees in security awareness (including phishing simulations).
- Ensure up-to-date logging, monitoring, and alerting systems.
- Maintain contact lists for the internal team, Meta, and relevant authorities.
5.2 Identification
- Use automated monitoring tools, manual detection, and third-party alerts.
- Log all suspected incidents with date, time, and source.
- Classify incident severity:
  - Critical: Data breach, significant downtime, regulatory impact.
  - High: Unauthorized access detected, malware infection.
  - Medium: Suspicious activity, attempted attacks.
  - Low: Policy violations without system compromise.
5.3 Containment
- Short-term containment: Isolate affected systems immediately to prevent further damage.
- Long-term containment: Apply temporary fixes and block malicious IPs/domains.
5.4 Eradication
- Remove malicious code, accounts, or vulnerabilities.
- Patch affected systems.
- Conduct forensic analysis to determine root cause.
5.5 Recovery
- Restore affected systems from clean backups.
- Monitor for recurrence.
- Gradually bring systems back online.
5.6 Lessons Learned
- Conduct post-incident review within 7 business days.
- Document findings and improvements.
- Update incident response procedures and training.
6. Communication & Reporting
Internal Reporting:
- Employees must report any suspected incident immediately to the Incident Response Manager via a secure channel (phone, encrypted email, or internal ticket).
External Reporting:
- Notify Meta immediately for any incidents affecting Meta data, per TPA requirements.
- Notify clients, regulators, or authorities as required by law.
- Provide initial report within 24 hours and ongoing updates until resolution.
7. Breach Notification Procedure
- Follow Meta’s TPA breach notification requirements.
- Include: Nature of breach, data impacted, steps taken, mitigation measures, and recovery timeline.
- Maintain detailed incident logs for audit purposes.
8. Training & Testing
- Conduct annual incident response drills.
- Review and update this policy every 12 months or after a major incident.
9. Compliance
- This policy aligns with:
  - ISO/IEC 27035 – Information Security Incident Management
  - GDPR & Indian IT Act (if applicable)
  - Meta TPA Requirements