Incident Response Plan (Public Summary Version)

Version: 1.1
Status: Approved
Last modified: April 2025
Next Review Date: October 2025

ISO Statement

oboloo is actively aligning with ISO/IEC 27001:2022 and has developed this Incident Response Plan (IRP) in accordance with Annex A controls for information security event management (A.16). This public summary outlines our high-level response framework without exposing sensitive operational details.

Introduction

This Incident Response Plan defines oboloo’s structured lifecycle for managing information security events and incidents across all operations. It is intended to ensure rapid detection, containment, recovery, and improvement following any breach or threat.

Definitions

  • Incident: Any confirmed or suspected event that threatens confidentiality, integrity, or availability of information.

  • Major Security Incident: An incident requiring legal, regulatory, or contractual reporting.

  • SIEM: Security Information and Event Management system used for real-time monitoring.

  • Root Cause Analysis (RCA): Methodology to determine the underlying cause of an incident.

Who We Are and How to Contact Us

oboloo Limited is a UK-based SaaS provider registered under company number 12420854.

Our trading address: 7 Bell Yard, London, England, WC2A 2JR.
Please direct all incident-related reports and policy queries to: hello@oboloo.com

Acceptance of Terms

By engaging with oboloo’s services or systems, all users (employees, contractors, partners) agree to abide by this Incident Response Plan and assist in its implementation as necessary.

Changes to This Policy

This IRP is reviewed every six months or following a major incident. Any updates are published on the company intranet and communicated to relevant personnel.

Related Policies

This IRP should be read alongside:

  • Information Security Policy

  • Business Continuity Plan

  • Access Control Policy

  • Data Retention & Disposal Policy

  • GDPR Compliance Policy (where applicable)

Purpose

To provide a structured, repeatable approach to managing incidents that may impact oboloo’s operational resilience or result in regulatory obligations.

Scope

This plan applies to:

  • All oboloo-managed systems, services, and cloud environments

  • All staff (employees, contractors, third-party service providers)

  • All internal and external incidents, including unauthorised access, malware, DDoS attacks, and supplier breaches

Incident Response Lifecycle

Preparation

  • Security tools, incident policies, and training are maintained.

  • Incident categories and severity levels are defined and communicated.

Detection & Reporting

  • 24/7 system monitoring via SIEM tools.

  • All staff trained to identify and escalate threats.

  • Suspicious activity must be reported to: hello@oboloo.com

Assessment & Containment

  • Immediate isolation of affected systems.

  • Incident Response Lead conducts triage and severity assessment.

Eradication & Recovery

  • Root Cause Analysis is conducted.

  • Affected systems are restored from known-good backups.

Post-Incident Review

  • Lessons learned are documented.

  • Controls are updated to reduce risk of recurrence.

Roles and Responsibilities

  • Incident Response Lead (Head of Security): Oversees the incident response lifecycle.

  • Dev & IT Teams: Containment, mitigation, restoration.

  • Legal & Communications: Regulatory and customer notifications, including GDPR compliance.

Notification and Escalation

  • Incidents involving personal data or customer systems are assessed for breach reporting under GDPR or other applicable laws.

  • oboloo Limited commits to notifying affected parties and regulators within legally mandated timeframes.

Confidentiality and Public Disclosure

This public summary does not disclose sensitive operational or technical procedures. Full IRP details, including system-specific playbooks, are restricted to authorised personnel.

Employee Awareness & Training

All employees and contractors are trained annually on incident response protocols. Refresher sessions are held after any major incident or policy revision.

ISO/IEC 27001 Annex A Mapping

Policy Section              ISO/IEC 27001 Control Ref   Description
Incident Handling           A.16.1.5                    Response to information security incidents
Detection & Reporting       A.16.1.2 / A.16.1.3         Reporting and escalation processes
Learning from Incidents     A.16.1.6                    Post-incident analysis and improvements
Communication Obligations   A.16.1.4 / A.18.1.4         Regulatory breach reporting (e.g. GDPR)

Review and Update of the Methodology

This plan is reviewed every 6 months, or immediately after any critical security event. All updates are version-controlled and communicated to the Incident Response Lead and wider teams.

Document Control

Version: 1.1
Date: April 2025
Description: Public-facing summary version of internal IRP (sensitive details redacted)