Last Updated: 22 Oct 2025

Effective Date: 18 September 2023

Issued by: Neobank Capital

Approved by: Chief Information Security Officer (CISO) & Data Protection Officer (DPO)


1. Purpose

The purpose of this Incident Response Policy is to establish a structured and coordinated approach for detecting, reporting, analyzing, and responding to security incidents affecting Neobank Capital systems, applications, and customer data.

This policy ensures that:

  1. Data breaches and cybersecurity incidents are addressed swiftly and effectively.
  2. Regulatory requirements (GDPR, UK GDPR, PCI DSS, NIST, and local laws) are met.
  3. Damage to customers, assets, and reputation is minimized.
  4. Lessons learned are applied to prevent recurrence.

2. Scope

This policy applies to:

  1. All employees, contractors, vendors, and third-party service providers.
  2. All systems, devices, applications, cloud environments, and decentralized infrastructure operated or managed by Neobank Capital.
  3. All types of incidents including cybersecurity, operational, financial, privacy, or data protection events.

3. Definitions

  1. Security Incident: Any confirmed or suspected event that threatens the confidentiality, integrity, or availability of Neobank Capital systems or data.
  2. Data Breach: Unauthorized access, disclosure, or destruction of personal or financial information.
  3. Critical Incident: An event with potential high impact on customers, regulatory compliance, or business continuity.

4. Incident Response Team (IRT)

Neobank Capital maintains a dedicated Incident Response Team (IRT) with the following roles:

| Role | Responsibility |
| --- | --- |
| Incident Response Lead (CISO) | Oversees incident handling, coordinates escalation, and approves major responses. |
| Data Protection Officer (DPO) | Manages privacy breach notifications and GDPR compliance. |
| IT & Security Analysts | Investigate, contain, and remediate incidents. |
| Legal & Compliance | Provides regulatory guidance, liaises with authorities, and reviews notifications. |
| Communications Officer | Coordinates internal and external communication, including customer notices. |


5. Incident Classification and Prioritization

Incidents are classified based on severity, impact, and urgency:

| Severity Level | Description | Response Timeline |
| --- | --- | --- |
| Critical | Breach affecting sensitive personal, financial, or blockchain data; high operational impact | Immediate (≤1 hour) |
| High | Threats affecting system integrity or customer service, but limited exposure | Within 4 hours |
| Medium | Localized or minor security events with limited impact | Within 24 hours |
| Low | Informational, minor operational anomalies | Within 48 hours |


6. Incident Detection and Reporting

  1. All personnel must report suspected incidents immediately to the IRT via:
     - Email: security@neobank.capital
     - Phone (24/7 hotline): +1(844) 454 2508
  2. Automated monitoring systems (SIEM, IDS/IPS, blockchain monitoring tools) provide real-time alerts.
  3. Reports must include:
     - Description of the incident
     - Date/time detected
     - Affected systems or data
     - Initial impact assessment

7. Incident Response Phases

7.1 Preparation

  1. Maintain updated IRP, contact lists, escalation procedures, and tools.
  2. Conduct periodic simulations, tabletop exercises, and staff training.

7.2 Identification

  1. Validate and confirm incidents.
  2. Determine the type, scope, and potential impact.
  3. Log all details in the incident tracking system.

7.3 Containment

  1. Short-term containment: Isolate affected systems to prevent spread.
  2. Long-term containment: Apply temporary fixes while planning full remediation.
  3. Prioritize critical customer and financial data protection.

7.4 Eradication

  1. Remove threats, malware, or vulnerabilities from affected systems.
  2. Patch software, reset credentials, or revoke compromised keys.
  3. Verify that the threat is completely eliminated.

7.5 Recovery

  1. Restore systems and data to normal operation.
  2. Conduct integrity checks to ensure data and system security.
  3. Monitor for signs of recurrence.

7.6 Post-Incident Review

  1. Conduct a lessons-learned analysis.
  2. Update policies, procedures, and security controls.
  3. Document findings and corrective actions in the incident report.

8. Regulatory Notification

  1. For GDPR and other applicable privacy laws:
     - Notify relevant data protection authorities within 72 hours of confirmed personal data breaches.
     - Notify affected customers without undue delay if the breach poses high risk.
  2. Maintain documentation of notifications, approvals, and timelines for audits.

9. Communication

  1. Internal: Keep stakeholders informed on status and resolution.
  2. External: Customer and public statements are coordinated by the Communications Officer and the Legal Team.
  3. Do not disclose sensitive incident details externally until authorized.

10. Roles and Responsibilities Summary

| Party | Responsibility |
| --- | --- |
| Employees & Contractors | Immediate reporting of suspected incidents; follow instructions from the IRT. |
| IRT Members | Investigate, contain, and remediate incidents; coordinate communication. |
| DPO | Ensure privacy compliance and regulatory notifications. |
| CISO | Lead response, approve actions, maintain incident readiness. |
| Legal & Compliance | Advise on legal obligations, contracts, and communications. |


11. Documentation and Record-Keeping

  1. All incidents must be logged in the centralized incident management system.
  2. Records include:
     - Description and classification of the incident
     - Actions taken during response
     - Notifications to authorities or customers
     - Lessons learned and preventive measures
  3. Retain logs and reports for at least 5 years or as required by law.

12. Training and Awareness

  1. Mandatory annual training on incident detection and reporting for all staff.
  2. Simulated breach exercises to ensure readiness.
  3. Training updates aligned with regulatory changes and emerging cyber threats.

13. Policy Review and Updates

  1. This policy is reviewed annually or after any major incident, regulatory change, or operational update.
  2. Updates require approval from the CISO and DPO.

14. Contact Information

Incident Response Team (IRT) Hotline

📧 security@neobank.capital

📞 +1(844) 454 2508

Data Protection Officer (DPO)

📧 privacy@neobank.capital

Chief Information Security Officer (CISO)

📧 security@neobank.capital

...