Incident Reporting

Dual Code maintains a formal incident response and reporting policy to ensure timely identification, communication, and resolution of information security events. All employees, contractors, and third-party business partners are made aware of their responsibility to report actual or suspected security incidents. These responsibilities are outlined in employment agreements, confidentiality clauses, and vendor contracts, as applicable.

Predefined internal communication channels are in place to allow workforce personnel and authorized external partners to report incidents efficiently. Reports can be made via secure internal ticketing systems, designated email addresses, or through direct escalation to management, depending on the nature of the incident.

The incident response process includes triage, investigation, containment, and, if necessary, notification to affected parties in accordance with applicable legal, regulatory, and contractual obligations. Dual Code reviews and tests its incident reporting and response procedures regularly to ensure continued effectiveness and alignment with best practices.

In the event of a confirmed security incident, Dual Code notifies all affected clients through electronic methods, such as email or the client portal, as appropriate. Notifications include relevant details about the nature and scope of the incident, potential impact, and any recommended or required actions. Updates are provided as new information becomes available to ensure transparency and support clients in meeting their own compliance obligations.