top of page

Data Breach Management & Notification Policy

1. Purpose

This Data Breach Management and Notification Policy outlines Alpha Immersion Pty Ltd’s approach to identifying, managing, responding to, and notifying relevant parties of any actual or suspected data breaches associated with the I-VADE platform and related services.

The purpose of this policy is to ensure:

  • Timely detection and containment of security incidents

  • Transparent and proportionate notification processes

  • Protection of customer and user information

  • Compliance with applicable privacy and data protection obligations

 

Alpha Immersion primarily acts as a service provider to customer organisations, processing personal information on their behalf for the purpose of delivering, securing, and supporting the I-VADE platform, except where acting in its own capacity for corporate, legal, or operational functions. This policy applies globally to all customers, partners, and users of Alpha Immersion services.

 

2. Scope

This policy applies to:

  • The I-VADE platform and associated cloud-hosted systems

  • All data processed, stored, or transmitted through Alpha Immersion services

  • Employees, contractors, and authorised administrators

  • Third-party service providers involved in service delivery

 

This includes incidents affecting confidentiality, integrity, or availability of data, regardless of cause. In delivering the I-VADE platform, Alpha Immersion operates as a cloud service provider and service processor to customer organisations, processing data on their behalf in accordance with contractual and privacy obligations.

 

3. Definition of a Data Breach

For the purposes of this policy, a data breach refers to any unauthorised or accidental:

  • Access to information

  • Disclosure of information

  • Loss of information

  • Alteration or destruction of information

  • Compromise of system security controls

 

This includes cybersecurity incidents, human error, system misconfiguration, or malicious activity.

 

4. Nature of Data Processed

Alpha Immersion provides an enterprise training platform (I-VADE) and primarily processes organisational training and account data, which may include:

  • Name and work email address

  • Organisation, department, and professional role

  • Training participation and completion records

  • System usage and performance indicators

 

The platform is not designed to collect or store patient medical records, clinical health records, or biometric data as part of standard operation. Data collection is limited to the minimum information required to deliver training services and platform functionality, consistent with data minimisation principles.

 

5. Breach Detection and Monitoring

Alpha Immersion maintains technical and organisational safeguards to support early identification of security incidents, including:

  • System and access logging

  • Role-based access controls

  • Multi-factor authentication for privileged accounts

  • Infrastructure monitoring through secure cloud hosting environments

  • Periodic security reviews and access audits

 

Any suspected security anomaly or unauthorised activity is treated as a potential incident and escalated promptly through internal incident response procedures for assessment and triage. Customer data is logically segregated within secure cloud-hosted environments, protected through access-restricted tenancy controls, and accessible only to authorised personnel in accordance with least-privilege principles.

 

6. Incident Response Process

Alpha Immersion maintains a structured incident management framework aligned to service continuity, security, and governance requirements for cloud-hosted enterprise services.

 

6.1 Identification and Containment

Upon identification of a suspected or confirmed data breach, Alpha Immersion will, where appropriate:

  • Initiate internal incident response procedures

  • Contain and isolate affected systems or accounts

  • Secure infrastructure and prevent further unauthorised access

  • Preserve relevant logs, audit records, and system evidence in a secure manner to support investigation, audit, and compliance requirements

 

6.2 Investigation and Risk Assessment

A structured assessment will be undertaken to determine:

  • The nature and scope of the incident

  • The types of data involved

  • The likelihood of unauthorised access or misuse

  • Potential impact on customers, users, or stakeholders

  • Applicable legal regulatory, and contractual notification obligations, including those specified in customer agreements

 

Alpha Immersion will reasonably cooperate with affected customer organisations in incident investigation and remediation activities, including provision of relevant information where appropriate and permitted.

 

7.  Notification Principles

Alpha Immersion adopts a risk-based and proportionate approach to breach notification. Where contractual obligations specify additional incident reporting requirements, Alpha Immersion will comply with those requirements as agreed with the customer organisation.

7.1 Customer Notification

Alpha Immersion will notify affected customer organisations of confirmed or reasonably suspected data breaches involving customer or end-user data processed on behalf of the customer as soon as practicable after becoming aware of the incident, and without undue delay following initial assessment and containment. This will include:

  • The severity and verified scope of the incident

  • The need to avoid premature or inaccurate reporting

  • Ongoing containment and investigation requirements

 

Notifications will typically include:

  • A summary of the incident

  • Known or likely impact

  • Remediation actions undertaken

  • Recommended next steps (if applicable)

 

Alpha Immersion will provide periodic updates to affected customers as material information becomes available during the investigation and remediation process.

 

7.2 Regulatory Notification

Where required under applicable privacy or data protection laws, Alpha Immersion will notify relevant regulatory authorities and affected individuals in accordance with legal obligations, including where a breach is likely to result in serious harm.

 

8. Third-Party and Cloud Service Providers

Alpha Immersion utilises established third-party cloud infrastructure providers under formal contractual arrangements to host and operate the I-VADE platform. These providers maintain their own security controls, monitoring systems, and incident response processes; however, Alpha Immersion retains overall responsibility for incident management, customer notification, and remediation of breaches affecting the I-VADE platform.

 

Where a breach involves third-party infrastructure or services, Alpha Immersion will:

  • Coordinate incident response with the relevant provider

  • Monitor remediation progress

  • Ensure appropriate contractual and security obligations are met

 

9. Remediation and Recovery

Following containment of a confirmed incident, Alpha Immersion will implement appropriate remediation measures, which may include:

  • Security patching and system hardening

  • Credential resets and access control reviews

  • Restoration from secure backups (where required)

  • Process or control improvements to prevent recurrence

 

Where incidents affect system availability or service continuity, Alpha Immersion will prioritise restoration of service functionality alongside security remediation, in accordance with business continuity practices. Where a breach impacts customer data, Alpha Immersion will, upon reasonable request and in accordance with contractual arrangements, support the secure provision, recovery, or return of relevant customer data in a usable format.

 

10. Record Keeping and Post-Incident Review

All security incidents and data breaches (including near misses) are documented internally. Records may include:

  • Incident timeline

  • Impact assessment

  • Actions taken

  • Lessons learned and corrective measures

 

Post-incident reviews are conducted to strengthen ongoing security and governance practices.

 

11. Roles and Responsibilities

Alpha Immersion maintains clear internal accountability for breach management, including:

  • Technical leadership responsible for incident detection, investigation, and containment

  • Executive leadership responsible for governance oversight, risk management, and stakeholder communication

  • Authorised system administrators responsible for secure system operation, logging, and incident reporting

 

12. Continuous Improvement

Alpha Immersion is committed to continuous improvement of its security and incident response capabilities through:

  • Regular policy reviews

  • Security and access control updates

  • Alignment with evolving industry standards and regulatory expectations

  • Ongoing monitoring of platform security posture

 

13. Policy Review

This policy is reviewed periodically and updated as required to reflect:

  • Changes in legal or regulatory requirements

  • Platform or infrastructure updates

  • Organisational governance developments

 

14. Contact for Security Incidents

Security incidents and breach notifications may be directed to Alpha Immersion via email at info@alphaimmersion.org.

Alpha Immersion maintains internal escalation procedures to ensure security incidents are triaged and responded to by authorised personnel.

 

 

 

Alpha Immersion Pty Ltd
Email: info@alphaimmersion.org

Last updated: 24/02/2026

Contact us

©Alpha Immersion Pty Ltd 2026

Solutions for global challenges

Privacy Policy              Data Retention Policy

bottom of page