Webcare - Incident Response and Recovery

At Webcare Ltd, we maintain a structured cybersecurity incident response framework designed to detect, contain, investigate, and resolve security incidents quickly while protecting customer data and maintaining service availability.

Security Principles

Our security approach is based on the following principles:

• Isolation – Customer environments are segregated using a single-tenant architecture
• Role-based Access – System access is restricted to authorised personnel with defined roles
• Datacentre & Physical security – Multiple security controls are implemented across infrastructure, applications, and monitoring systems
• Incident Response – Security events are detected, contained, and resolved using defined response procedures

System Architecture and Data Isolation

Our platform operates using a single-tenant architecture, where each organisation’s environment is provisioned independently.

Each organisation is assigned:

• A dedicated database
• A separate application pool
• Segregated application and infrastructure access controls

This design ensures that customer environments are fully isolated.

If a security incident occurs within one tenant environment:

• It cannot directly impact other customers
• The incident can be contained to the affected environment
• Recovery activities can occur without shutting down the entire platform

This architecture significantly reduces systemic risk and enables targeted incident response and recovery.

Incident Detection and Response Process

We follow a structured incident response lifecycle consisting of several stages:

Detection

Potential security incidents may be detected through:

• System and infrastructure monitoring
• Security alerts and anomaly detection
• Log analysis
• Internal reporting
• Customer reports

All incidents are logged and assessed for severity and potential impact.

Containment

If an incident is identified, immediate steps are taken to limit impact. These may include:

• Isolating affected systems or services
• Revoking or resetting compromised credentials
• Blocking malicious network traffic
• Temporarily restricting affected services

Because environments are isolated per organisation, containment typically affects only the impacted tenant environment.

Investigation and Remediation

Our technical team investigates the root cause of the incident and implements remediation actions, which may include:

• Removing unauthorised access or malicious activity
• Applying security patches
• Updating system configurations
• Strengthening security controls

Recovery

If necessary, systems and services are restored using verified backups or rebuilt infrastructure.

Recovery procedures include:

• Restoring systems or databases from secure backups
• Validating restored data
• Monitoring systems for abnormal activity
• Returning services to normal operation

Customer Notification

If an incident results in confirmed or potential exposure of customer data, we will notify the affected customer as soon as practicable after becoming aware of the breach, typically within 24 hours and generally no later than 72 hours. Initial notifications may be followed by further updates as additional information becomes available. 

Customers will be informed of:

• The nature of the incident
• Systems or services affected
• Potential impact on customer data
• Actions taken to contain the issue
• Recommended customer actions if applicable

Data Protection and Backup

We protect customer data using multiple security controls, including:

• Secure infrastructure hosting
• Role-based access control
• Encrypted communications
• Continuous monitoring and logging
• Regular security updates and patching

Customer data is protected through regular automated backups stored securely and verified periodically.

Expected Recovery Timeframes

Recovery time depends on the scope of the incident.

Typical recovery targets include:

Because environments are isolated per organisation, recovery can typically be performed without affecting other customers.