How and when should I report a security incident to Code Enigma?

Code Enigma is ISO 27001 certified, a part of which involves us having a comprehensive incident management procedure. As a part of this, we encourage incident reports from anyone, be they customers, suppliers, staff or concerned members of the public. An incident is anything that actively threatens or might threaten Code Enigma's information security based on the CIA triad, Confidentially (e.g. sensitive document disclosure), Integrity (e.g. corrupted database) and Availability (e.g. failed IT service). Examples of security incidents include (but are not limited to):

  • Retrieving Code Enigma equipment.

  • Sensitive paper documents left unattended on printers, scanners, fax machines, etc.

  • Sending personal information intended for one party to a different party.

  • Suspicious user activity.

  • Unavailable services (e.g. due to a Distributed Denial of Service attack)

If you observe something you consider to be of a concern to the information security of Code Enigma then we invite you to report it using our contact form, which can be found at the bottom of every page. As a general rule, if in doubt, report it!