Terms and Conditions for the Ship Safe Network App

Last Updated: 01/04/2024

1. Acceptance of Terms

By downloading, accessing, or using Ship Safe Network ("the App"), you agree to comply with and be bound by these Terms and Conditions ("Terms"). If you do not agree to these Terms, please do not use the App.

2. Changes to Terms

We reserve the right to modify, amend, or update these Terms at any time. Any changes will be effective immediately upon posting. It is your responsibility to review these Terms periodically for changes. Your continued use of the App after any changes will constitute acceptance of such changes.

3. License

Subject to your compliance with these Terms, Ship Safe Network grants you a limited, non-exclusive, non-transferable, revocable license to use the App for your personal, non-commercial use.

4. User Accounts

Some features of the App may require you to create a user account. You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.

5. User Content

By using the App, you may have the opportunity to submit content, including but not limited to text, images, and data. You retain ownership of your content, but by submitting it, you grant Ship Safe Network a worldwide, non-exclusive, royalty-free license to use, copy, modify, distribute, and publish your content in connection with the operation of the App.

6. Privacy

Your use of the App is also governed by our Privacy Policy, which is incorporated into these Terms by reference. Please review the Privacy Policy to understand how we collect, use, and protect your information.

7. Prohibited Conduct

You agree not to:

Use the App for any illegal or unauthorized purpose.
Interfere with or disrupt the App or servers.
Attempt to gain unauthorized access to any portion of the App.
Use the App to harass, abuse, or harm others.
Upload or transmit any viruses, worms, or malicious code.
Violate any applicable laws or regulations.

8. Intellectual Property

All content and materials available through the App, including but not limited to text, graphics, logos, images, software, and code, are owned by Ship Safe Network or its licensors and are protected by copyright, trademark, and other intellectual property laws.

9. Disclaimer of Warranties

The App is provided "as is" and "as available" without warranties of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

10. Limitation of Liability

To the fullest extent permitted by law, Ship Safe Network shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues.

11. Governing Law and Jurisdiction

These Terms are governed by and construed in accordance with the laws of the state or jurisdiction where Ship Safe Network is registered. You agree that any legal action or proceeding arising out of or related to these Terms or your use of the App shall be brought exclusively in the federal or state courts located in Atlanta, Georgia and you consent to the jurisdiction of such courts.

12. Contact Information

If you have any questions or concerns about these Terms, please contact us at 1-833-744-7723 or email us at support@shipsafenetwork.com.

13. Entire Agreement

These Terms constitute the entire agreement between you and Ship Safe Network regarding the use of the App, superseding any prior agreements or understandings.

Cybersecurity Incident Response Policy

1. Purpose

The purpose of this Cybersecurity Incident Response Policy is to establish guidelines for detecting, responding to, and mitigating cybersecurity incidents within Ship Safe Network.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who have access to information systems and data owned or managed by Ship Safe Network.

3. Incident Categories

We classify different types of cybersecurity incidents that may occur within the organization as:

Unauthorized access
Malware infections
Denial of Service (DoS) attacks
Data breaches
Insider threats, etc.

4. Incident Response Team

As part of our response, we designate the following roles as part of the response team that will lead any inquiries into incidents.

Incident Response Team Leader:

Role: Oversee the entire incident response process.
Responsibilities:
Coordinate the activities of the incident response team.
Act as the primary point of contact with executive management.
Ensure that the incident response plan is followed.

Incident Coordinator:

Role: Coordinate the technical and operational aspects of incident response.
Responsibilities:
Manage the incident response plan execution.
Interface with external entities (law enforcement, regulatory bodies, etc.).
Ensure timely reporting and documentation of incidents.

Investigator/Analyst:

Role: Analyze and investigate the incident to determine its nature and extent.
Responsibilities:
Conduct forensic analysis of affected systems.
Identify the source and method of the attack.
Collect and preserve evidence for potential legal actions.

IT Security Administrator:

Role: Implement technical aspects of incident response.
Responsibilities:
Implement containment measures to prevent further damage.
Assist in the recovery of affected systems.
Implement security patches or configurations to prevent future incidents.

Communication Coordinator:

Role: Manage communication during and after the incident.
Responsibilities:
Coordinate internal and external communication.
Draft and release official statements regarding the incident.
Manage communication with the media and other stakeholders.

Legal/Compliance Representative:

Role: Ensure incident response activities comply with legal and regulatory requirements.
Responsibilities:
Advise on legal implications and obligations.
Coordinate with law enforcement if necessary.
Ensure compliance with data breach notification laws.

Human Resources Representative:

Role: Address personnel-related aspects of the incident.
Responsibilities:
Assist in identifying insider threats.
Coordinate with HR for employee communication and support.
Ensure compliance with personnel policies during the incident.

Public Relations/Spokesperson:

Role: Manage public relations and external communication.
Responsibilities:
Craft and deliver external messages.
Manage the organization's public image during and after the incident.
Work with legal and communication teams to align messaging.

Vendor/Third-Party Liaison:

Role: Coordinate with external service providers and vendors.
Responsibilities:
Communicate with third-party service providers affected by the incident.
Ensure vendors are engaged in the incident response process.

Training and Awareness Coordinator:

Role: Ensure that employees are trained and aware of cybersecurity protocols.
Responsibilities:
Conduct regular training sessions on cybersecurity awareness.
Coordinate simulated incident response drills.
Monitor and report on employee compliance with security policies.

5. Incident Detection and Reporting

Our methods for detection and reporting are as follows:

Regular monitoring of network logs and system activities
Employee reporting mechanisms
Third-party alerts

6. Incident Response Procedures

Should an incdent occur, we will take the following steps:

Incident Identification:

Description: The incident identification process involves monitoring network activities, system logs, and other security alerts to detect any unusual or suspicious behavior.
Procedure: Utilize intrusion detection/prevention systems, security information and event management (SIEM) tools, and other monitoring solutions to identify potential incidents.
Regularly review system logs and audit trails for anomalies.
Encourage employees to report any suspicious activity promptly.

Incident Reporting:

Description: Once an incident is identified, it needs to be reported to the incident response team for further investigation and action.
Procedure: Establish clear reporting channels, including a designated incident response hotline or email.
Develop incident reporting templates to standardize information provided by reporters.
Ensure that employees are aware of the reporting process and encourage a culture of reporting without fear of reprisal.

Initial Assessment and Classification:

Description: The incident response team conducts an initial assessment to understand the nature and severity of the incident, classifying it based on predefined incident categories.
Procedure: Activate the incident response team immediately upon receiving a report.
Conduct a quick assessment to determine the scope, impact, and nature of the incident.
Classify the incident based on predefined categories (e.g., data breach, malware infection, denial of service).

Incident Containment:

Description: Once the incident is identified and classified, containment measures are implemented to prevent further damage or spread of the incident.
Procedure: Isolate affected systems or networks to prevent lateral movement.
Apply necessary security patches or configuration changes.
Implement network segmentation to contain the incident.

Eradication of the Incident:

Description: After containment, the focus is on completely removing the threat from the environment and restoring affected systems.
Procedure: Conduct a thorough analysis to identify the root cause of the incident.
Remove malware, unauthorized access points, or compromised accounts.
Verify the integrity of systems before restoring them to normal operation.

Recovery and System Restoration:

Description: Once the incident is eradicated, efforts are made to restore affected systems to normal operation.
Procedure: Restore data and configurations from backup systems.
Implement additional security measures to strengthen the overall security posture.
Conduct testing to ensure that restored systems function properly.

Post-Incident Analysis and Documentation:

Description: A comprehensive analysis of the incident is conducted to identify lessons learned and areas for improvement. Documentation is crucial for regulatory compliance and future incident prevention.
Procedure: Conduct a detailed post-mortem analysis of the incident.
Document all actions taken during the incident response process.
Identify weaknesses in existing security controls and update incident response procedures accordingly.

Communication and Notification:

Description: Clear communication is essential both internally and externally to manage the impact on stakeholders.
Procedure: Follow the communication plan outlined in the incident response policy.
Notify affected parties, including employees, customers, and regulatory authorities, as required by law.
Manage public relations and media inquiries in coordination with the communication coordinator.

Legal and Regulatory Compliance:

Description: Ensure that incident response activities comply with applicable laws and regulations.
Procedure: Consult with legal representatives to understand legal obligations.
Coordinate with law enforcement if necessary.
Prepare and submit any required incident reports to regulatory authorities.

Continuous Improvement:

Description: Regularly review and update the incident response plan based on lessons learned and changes in the threat landscape.
Procedure: Conduct periodic training and awareness programs for incident response team members.
Evaluate the effectiveness of incident response procedures through simulations and drills.
Collaborate with other departments to integrate lessons learned into broader security policies and procedures.

Documentation Control:

Description: Establish a process for maintaining and updating incident response documentation.
Procedure: Assign responsibility for document control and version management.
Implement a system for tracking changes and ensuring that all team members have access to the latest version of the incident response plan.

Post-Incident Review Meeting:

Description: Hold a meeting to review the incident response process and discuss improvements.
Procedure: Schedule a post-incident review meeting with the incident response team.
Analyze the effectiveness of the response and identify areas for improvement.
Document lessons learned and update the incident response plan accordingly.

7. Communication Plan

Establish a communication plan for internal and external stakeholders, including employees, customers, regulatory bodies, and the media. Define who is responsible for communication and what information will be disclosed.

Objective: The objective of this communication plan is to ensure transparent, timely, and effective communication during and after a cybersecurity event, safeguarding the organization's reputation and maintaining stakeholder trust.

2. Communication Team

Spokesperson:

Designate a primary spokesperson responsible for addressing the media, stakeholders, and the public.
Identify a backup spokesperson in case the primary spokesperson is unavailable.

Communication Coordinators:

Assign individuals responsible for internal and external communication coordination.
Ensure that communication coordinators are well-versed in cybersecurity terminology and the incident response plan.

3. Internal Communication

Employee Notification:

Develop a protocol for notifying employees about the cybersecurity event.
Specify channels for internal communication, such as company-wide emails, intranet announcements, or team meetings.

Employee Briefings:

Schedule briefings for employees to provide updates on the incident, actions taken, and expectations.
Ensure the availability of support resources, such as IT help desks and counseling services.

4. External Communication

Stakeholder Communication:

Identify key external stakeholders, including customers, partners, and regulatory bodies.
Develop tailored messages for each stakeholder group, addressing their specific concerns and interests.

Media Relations:

Establish a media contact point and a process for managing media inquiries.
Develop key messages and talking points for the spokesperson to convey during media interactions.

5. Communication Channels

Official Statements:

Draft official statements to be released through the organization's website, social media channels, and press releases.
Ensure consistency across all communication channels.

Hotline and Email Response:

Establish a hotline and email address for stakeholders to report concerns or seek information.
Assign trained personnel to respond promptly to inquiries received through these channels.

6. Communication Timeline

Initial Communication:

Specify a timeline for the initial communication to stakeholders, employees, and the media.
Outline the key information to be shared in the first communication, including the incident's nature, impact, and initial steps taken.

Ongoing Updates:

Establish a schedule for regular updates to keep stakeholders informed of the incident's progress and resolution.
Communicate both positive developments and challenges encountered during the incident response.

7. Communication Content

Transparency and Honesty:

Emphasize transparency and honesty in all communication.
Acknowledge the incident's severity while highlighting the organization's commitment to resolution and prevention.

Key Messages:

Develop key messages that convey the organization's dedication to cybersecurity, the steps taken to address the incident, and future prevention measures.
Ensure consistency in messaging across all communication channels.

8. Regulatory Compliance

Legal Counsel Involvement:

Involve legal counsel in reviewing and approving communication content to ensure compliance with applicable laws and regulations.
Address any legal obligations regarding the disclosure of the cybersecurity event.

9. Post-Incident Communication

Lessons Learned:

Communicate lessons learned from the cybersecurity event to employees, stakeholders, and the public.
Outline the organization's commitment to continuous improvement in cybersecurity measures.

Rebuilding Trust:

Develop a strategy for rebuilding trust with stakeholders, emphasizing enhanced cybersecurity measures and proactive communication.

10. Communication Evaluation

Post-Event Review:

Conduct a post-event review of the communication plan's effectiveness.
Gather feedback from internal and external stakeholders to identify areas for improvement.

11. Training and Preparedness

Media Training:

Provide media training for spokespersons and communication coordinators.
Conduct simulated exercises to prepare the communication team for different scenarios.

Regular Updates:

Ensure that the communication plan is regularly reviewed and updated to reflect changes in the organization's structure, personnel, or cybersecurity landscape.

8. Legal and Regulatory Compliance

Ensure that incident response activities comply with relevant laws and regulations. Specify any legal obligations regarding reporting incidents to regulatory authorities.

9. Training and Awareness

Mandate cybersecurity awareness training for employees and incident response team members. Regularly conduct drills and simulations to test the effectiveness of the incident response plan.

10. Continuous Improvement

Implement a process for reviewing and updating the incident response plan regularly. Incorporate lessons learned from previous incidents and industry best practices.

11. Policy Review and Approval

Specify a review schedule for the policy and the process for making updates. Clearly outline the approval process for any changes to the policy.

12. Enforcement

Define the consequences for non-compliance with this policy, including disciplinary actions, as appropriate.

13. Contact Information

Provide contact information for key personnel involved in incident response, including names, roles, and contact numbers.

14. Document Control

Outline the version control and documentation processes for this policy.

15. Definitions

Include a section with definitions of key terms used in the policy.