Security Incident Policy

Purpose
Goodwear is committed to maintaining a secure environment for employees, customers, and information assets. This policy defines how security incidents are identified, reported, and managed to minimize impact and prevent recurrence.

Scope

Applies to all employees, contractors, consultants, and anyone with access to Goodwear systems, networks, or facilities.

Definition of Security Incident

A security incident is any unauthorized or unintended event that compromises the confidentiality, integrity, or availability of Goodwear information or systems. Examples include:

• Unauthorized access or data breaches

• Malware infections or ransomware

• Physical theft or loss of assets

• Denial-of-Service attacks

• Social engineering attempts

Reporting

All personnel must report suspected or confirmed incidents immediately to their supervisor or the IT/security team.
Include relevant details such as date, time, location, and description.
Do not attempt independent investigation unless authorized.

Response

The Security Incident Response Team will:

• Assess and contain the incident

• Investigate and remediate

• Communicate updates to affected parties

• Conduct post-incident review to prevent recurrence

Roles & Responsibilities

• Management: Provide leadership and resources for incident handling.

• Security Team: Assess, coordinate, and respond to incidents.

• Employees: Report incidents promptly and follow protocols.

Compliance

Non-compliance may result in disciplinary action, up to and including termination.

Review & Availability

This policy is reviewed annually or as needed. Updates are communicated to all personnel with system access.