Notification Process

Last updated: 2026-01-13

Incident Notification Process

This document describes how Gray Ghost Data Consultants communicates security incidents to affected parties, including timing, methods, and content of notifications.

Notification Commitment

We are committed to transparent and timely communication when security incidents occur. Our goal is to provide affected parties with the information they need to understand the incident and take appropriate action.

Notification Timeline

Initial Notification

Incident Type | Notification Target | Timeline
Confirmed data breach | Affected customers | Within 72 hours
Service disruption | All customers | Within 4 hours
Security vulnerability | Affected customers | Within 24 hours
Sub-processor incident | Affected customers | Within 72 hours

Ongoing Updates

  • Critical incidents: Updates every 4 hours until resolved
  • High severity: Updates every 12 hours until resolved
  • Resolution notice: Within 24 hours of incident closure
  • Post-incident report: Within 14 days of incident closure

Notification Methods

Primary Channels

Channel | Use Case
Email | Official notifications to designated contacts
Portal banner | Real-time service status updates
Phone | Critical incidents requiring immediate attention
Status page | Public service availability updates

Contact Management

  • Designated security contacts updated in customer portal
  • Multiple contacts supported per customer
  • Backup notification methods available

Notification Content

Initial Notification Includes

  1. Incident Summary
     • Brief description of what occurred
     • Date/time of discovery
     • Current status (investigating, contained, resolved)
  2. Impact Assessment
     • Services affected
     • Data types potentially involved
     • Whether customer data was accessed
  3. Immediate Actions Taken
     • Containment measures implemented
     • Investigation status
  4. Recommended Customer Actions
     • Steps customers should take
     • Monitoring recommendations
     • Contact information for questions

Update Notifications Include

  • Current investigation status
  • New findings since last update
  • Additional containment or remediation actions
  • Updated recommendations if applicable
  • Expected next update time

Final Notification Includes

  • Complete incident timeline
  • Root cause (if determined)
  • Full scope of impact
  • Remediation completed
  • Preventive measures implemented
  • Lessons learned summary

Sample Notification Templates

Initial Notification Template

Subject: Security Incident Notification - [Incident ID]

Dear [Customer Name],

We are writing to inform you of a security incident that may affect
your organization's data.

INCIDENT SUMMARY:
On [Date], we detected [brief description]. Our security team
immediately initiated our incident response procedures.

CURRENT STATUS: [Investigating/Contained/Resolved]

IMPACT:
Based on our initial assessment:

  • [Services/data potentially affected]
  • [Scope of impact]

ACTIONS TAKEN:

  • [Containment measure 1]
  • [Containment measure 2]

RECOMMENDED ACTIONS:

  • [Recommendation 1]
  • [Recommendation 2]

NEXT STEPS:
We will provide an update within [timeframe]. If you have questions,
please contact security@grayghostdata.com.

Sincerely,
Gray Ghost Data Consultants Security Team

Resolution Notification Template

Subject: Security Incident Resolved - [Incident ID]

Dear [Customer Name],

This notification confirms the resolution of the security incident
reported on [Initial Notification Date].

INCIDENT SUMMARY:
[Brief recap of the incident]

RESOLUTION:
The incident has been fully resolved as of [Date/Time].

ROOT CAUSE:
[Description of root cause if determined]

IMPACT CONFIRMED:
[Final confirmed scope of impact]

REMEDIATION COMPLETED:

  • [Action 1]
  • [Action 2]

PREVENTIVE MEASURES:

  • [Measure 1]
  • [Measure 2]

A detailed post-incident report will be available within 14 days
upon request.

Thank you for your patience and understanding during this incident.

Sincerely,
Gray Ghost Data Consultants Security Team

Regulatory Notifications

We comply with regulatory notification requirements including:

GDPR (EU/UK)

  • Supervisory authority notification: Within 72 hours
  • Data subject notification: Without undue delay when high risk

CCPA (California)

  • Consumer notification: As required for personal information breaches

HIPAA (if applicable)

  • HHS notification: Within 60 days
  • Individual notification: Within 60 days
  • Media notification: For breaches affecting 500+ individuals

State Breach Notification Laws

  • Compliance with all applicable US state breach notification laws
  • Notifications sent within required timeframes per jurisdiction

Customer Responsibilities

To ensure timely notifications, customers should:

  1. Maintain current contacts in the customer portal
  2. Whitelist notification domains: @grayghostdata.com
  3. Monitor portal announcements for service updates
  4. Report suspected incidents immediately to security@grayghostdata.com

Requesting Incident Information

Customers may request:

  • Additional details about incidents affecting their data
  • Post-incident reports for significant incidents
  • Evidence of remediation actions taken

Contact: security@grayghostdata.com

Questions?

If you have questions about our incident notification process:

Email: security@grayghostdata.com
Response Time: Within 24 business hours