Legal
Incident Response Policy
Last updated: 9 July 2026
Despite strong preventative practices, no system can be guaranteed incident-free. This policy describes how we respond when a security incident is suspected or confirmed.
Response approach
- Identify and contain: assess the scope and stop ongoing impact first
- Preserve evidence: keep logs and records needed to understand what happened
- Remediate: close the vulnerability, rotate affected credentials, restore clean service
- Notify: inform affected clients without undue delay, with honest detail about impact
- Review: document root cause and improve practices to prevent recurrence
Regulatory awareness
Where personal information is involved, notification duties may arise under POPIA (to the Information Regulator and affected data subjects) or other applicable frameworks such as GDPR. We plan client systems so the information needed for such notifications — what data, whose, and when — can be established from logs and records.
Incident response procedures for a specific client system can be documented as part of the engagement where required.
Contact
Questions about this policy: sales@nokomohoto.com or +27 (79) 113-4590.

