Policy Statement on Information Security Reporting

Purpose

To establish procedures for reporting information security incidents in line with SEC regulatory requirements.

Reportable Incidents

Includes:

• Unauthorized access

• Data breaches

• System compromises

• Malware intrusions

• Denial of service

Regulatory Notification

Where required, material breaches shall be reported to:

• Securities and Exchange Commission

• National Information Technology Development Agency

• Relevant regulatory authorities

• Clients (where customer data affected)

Documentation

All incidents shall be logged and retained for regulatory review.

Subscribe to RC Brown Capital Insight

Our weekly newsletter with global insight
and intelligence.

Stay up to date