While using Teravent and its associated services, you must read and understand Teravent's applicable policies, including this Incident Response Policy and the Teravent Privacy Policy.
Effective on January 8, 2024.
Teravent Limited is committed to advancing carbon removal responsibly, with a strong emphasis on maintaining secure systems and safeguarding sensitive information. The purpose of this Incident Response Policy is to define Teravent's approach to identifying, reporting, responding to, and managing incidents involving information security and data breaches.
The policy aims to foster a culture of openness, trust, and integrity, ensuring that employees understand how to respond to incidents in a manner that protects the company, its employees, partners, and customers from harm. It emphasizes the importance of prompt action, transparency, and adherence to applicable legal and regulatory obligations.
This Policy applies to all Teravent employees and to all assets owned or managed by the company, as well as to external stakeholders such as contractors who interact with Teravent systems.
- Incident: Any event that compromises the confidentiality, integrity, or availability of Teravent's information or systems. Examples include loss, theft, or unauthorized access to data; unintended modification of information; changes to system hardware, firmware, or software without proper authorization; unplanned service disruptions; and unauthorized use of systems or resources.
- Breach: The acquisition, access, use, or disclosure of non-public information in a manner not permitted by applicable laws or regulations, which compromises the security or privacy of that information. Breaches do not include unintentional access by employees acting in good faith within the scope of their authority, provided no further unauthorized disclosure results.
All employees are required to report any incidents, suspected incidents, or potential vulnerabilities as soon as they are discovered. Reports may be submitted through internal incident management tools, via email to Teravent's Security Team, or directly to the employee's Line Manager. The Security Team initiates an investigation into any reported incidents within three working days of notification.
Upon identification of an incident, Teravent will act immediately to contain the incident and remove any unintended access. A coordinated response will be established through designated communication channels, and alternative channels will be used if these are suspected to be compromised.
An Incident Manager - typically an on-call engineer or senior staff member depending on severity - will coordinate the response. The response team may include representatives from Technology, Legal, Communications, Client Services, Human Resources, and affected operational departments.
If the incident involves theft, breach, or exposure of sensitive information, it will be escalated to Teravent's Leadership Team. All communication related to the incident will be restricted to secure and private channels to prevent unauthorized disclosure. If legal proceedings are deemed necessary, Teravent will engage the relevant law enforcement authorities and carefully preserve all evidence in accordance with legal requirements.
The Incident Manager will work with Teravent's Legal, Communications, and HR teams to determine the appropriate communication plan, covering internal notification to employees, external disclosure to the public, and notification to any individuals or entities directly affected.
Where required by law or regulation, Teravent will notify affected customers and stakeholders about breaches. If a law enforcement official advises that notification could compromise a criminal investigation, Teravent will comply with the official guidance. Notification will be delayed for no longer than thirty days unless further written guidance is received.
Teravent may take disciplinary action, up to and including termination of employment, against any individual who breaches the Policy.
This Incident Response Policy will be reviewed at least annually to ensure its effectiveness and continued alignment with Teravent's operational and legal requirements.