Security Incident & Data Breach Response Policy
Operational steps Grace Connect should follow if a security or privacy incident occurs.
Last Updated: June 16, 2026
1. Purpose
This policy guides response to suspected unauthorized access, data exposure, account compromise, storage misconfiguration, credential leak, malware, abusive admin activity, lost device, provider incident, or privacy breach.
2. Immediate Steps
- Receive and log the report.
- Classify severity and affected systems.
- Contain the issue by revoking keys, disabling accounts or roles, correcting storage policies, or turning off vulnerable features where necessary.
- Preserve evidence and logs.
- Investigate root cause and affected data.
- Fix the issue and validate the fix.
- Notify affected users, churches, service providers, regulators, or authorities where legally required.
- Document lessons learned and prevention actions.
3. Breach Assessment
Grace Connect should assess what data was involved, whether sensitive data was exposed, how many users or churches were affected, whether the data was actually accessed, whether encryption or access controls reduced risk, and what legal notification duties apply.
4. Communications
Incident notices should be clear, factual, and timely. They should explain what happened, what data was involved, what action Grace Connect took, what users should do, and how to contact support.
5. Records
Incident records should include timestamps, affected systems, decision-makers, evidence, containment actions, communications, notifications, root cause, and remediation steps.