SupportPay

Menu Close

Security Measures

6-Step Breach Response Protocol​

As the pioneering solution for Modern Family Finances, SupportPay handles sensitive financial and familial data across households. A breach of this trust could lead to loss of user confidence, reputational damage, regulatory action, and operational disruption.

SupportPay already emphasizes high security standards (e.g., AWS security certifications, Hearst, MetLife, and Morgan Stanley vendor reviews)—but in the event of a breach, we have a formal and transparent response process in place.

1. Detection & Verification

  • Tools & Triggers: Implement anomaly detection systems and log monitoring for early warning signs.

  • Verification Protocol: Activate the internal Security Incident Response Team (SIRT) to confirm and assess the severity and scope.

2. Containment (Immediate Actions)

  • Short-term: Isolate affected systems, disable compromised access, and preserve evidence for forensic analysis.

  • Communication Lockdown: Temporarily restrict system changes until the root cause is understood.

3. Notification & Internal Escalation

  • Alert SupportPay’s leadership, legal, and compliance teams.

  • Convene an incident response task force (including data privacy officer, CTO, legal, customer success).

  • If personally identifiable information (PII) is compromised, trigger mandatory compliance workflows (CCPA, GDPR, HIPAA, if applicable).

4. External Notification (Regulatory & Customer)

  • Notify affected users with:

    • A clear summary of the breach

    • Steps taken by SupportPay

    • Actions they should take (e.g., password reset, fraud monitoring)

  • Notify regulators within 72 hours (GDPR standard) if applicable.

  • Communicate proactively with enterprise partners and HR benefit clients regarding system impact and resolution timeline.

5. Resolution, Root Cause Analysis & Remediation

  • Conduct a forensic investigation to determine:

    • How the breach occurred

    • What data or systems were affected

  • Patch vulnerabilities, apply additional security layers, and enhance monitoring.

  • Document the timeline, impact, decisions, and resolution actions.

6. Recovery & Communication

  • Restore affected services with verified clean versions.

  • Launch a customer reassurance campaign:

    • Reaffirm SupportPay’s commitment to family financial wellness and data security

    • Outline steps taken to prevent recurrence

    • Offer dedicated customer support and transparency

Proactive Prevention Measures

  • Maintain AWS-level security with continuous third-party audits.

  • Conduct regular employee security training, including phishing simulations.

  • Ensure endpoint detection & response (EDR) systems are deployed on all devices.

  • Maintain encrypted backups with recovery time objectives (RTO) of under 30 minutes for critical data.