As part of our ISO 27001 programme we have a documented security Incident Response Plan (IRP) outlining our internal security incident handling process. The IRP covers the roles and responsibilities of our internal staff, customers and cloud partners, and comes into effect in case of a security incident.
All incidents are reported in our internal ticket system and our continuous improvement manager assigns priority and either sets up an immediate security meeting with the Mavim security team, or the issue gets handled and tracked in our monthly security meetings. Due process is followed and customers/partners are informed according to European and Dutch legal requirements.
As part of our business continuity plan we have implemented a "Hacking run book" which describes the process to follow in case our customer environments, Mavim environments and/or websites are compromised.
If you find a potential loophole, please send the details to email@example.com. We appreciate people pointing us to potential risks. Depending on the risk, a nice incentive will be provided to you.
As we work closely with Microsoft, please ensure you contact us within 4 hours after finding a risk and wait for our and Microsoft's reply before making anything public.
All security incident processes are tested twice a year.
In addition, we carry out external penetration and vulnerability tests by an independent third party.