Get Started
HomePricingSecurityBlogsPoliciesHelp
Sign InSignup

Incident Response & Breach Notification Policy

9. Incident Response & Breach Notification Policy

9.1 Purpose

This policy establishes Ezyiah’s procedures for responding to suspected or confirmed security incidents, cyber threats, unauthorised access events, and eligible data breaches.

9.2 Reporting Obligations

Users, contractors, staff, and authorised representatives must immediately report:

  • suspected unauthorised access to systems or accounts;
  • phishing attempts or credential compromise;
  • malware, ransomware, or suspicious activity;
  • accidental disclosure of confidential information; or
  • any event reasonably suspected to compromise the confidentiality, integrity, or availability of data.

Reports should be made to Ezyiah through designated support or security communication channels as soon as practicable.

**9.3 Incident Investigation & Response **

  • Upon becoming aware of a suspected incident, Ezyiah may:
  • investigate and assess the severity and scope of the incident;
  • restrict or suspend access to affected systems;
  • preserve evidence and system logs;
  • engage external cybersecurity professionals where necessary;
  • undertake containment and remediation measures; and
  • document the incident and corrective actions taken.

9.4 Breach Notification

Where required under applicable law, including the Notifiable Data Breaches Scheme under the Privacy Act 1988 (Cth), Ezyiah will notify:

  • affected individuals; and/or
  • the Office of the Australian Information Commissioner

of eligible data breaches as soon as reasonably practicable.

Notifications may include:

  • the nature of the breach;
  • the categories of information affected;
  • recommended protective actions for users; and
  • steps taken by Ezyiah to investigate and remediate the incident.

9.5 Limitation of Liability

While Ezyiah implements commercially reasonable safeguards and security procedures, users acknowledge and agree that:

  • no system, software, network, or method of electronic storage is completely secure;
  • cybersecurity incidents may occur despite reasonable precautions;
  • internet-based services carry inherent security risks; and
  • Ezyiah cannot guarantee absolute protection against all unauthorised access, cyberattacks, or security breaches.

To the maximum extent permitted by law, Ezyiah excludes liability for indirect, incidental, consequential, or unforeseeable losses arising from cybersecurity incidents, unauthorised access, service interruptions, or data breaches except where liability cannot lawfully be excluded under Australian law.