Security incidents

Security Incident and Breach Notification Procedure

Operational process for identifying, containing, and notifying security incidents and personal data breaches.

Last updated: 2 April 2026

Legal owner

Smart Property Software Ltd

SmartTenant is a platform owned and operated by Smart Property Software Ltd.

Company number 17126256.

Contact: enquiries@smarttenant.co.uk

ICO readiness

Data protection confidence

SmartTenant is preparing its ICO registration details for launch. Any ICO registration wording or logo treatment is intentionally disabled until registration is completed and confirmed.

ICO registration wording and logo placement are placeholders during development and will be updated before go-live.

1. Scope

This procedure applies to incidents affecting confidentiality, integrity, or availability of SmartTenant systems and personal data.

2. Incident lifecycle

Detect and triage incident severity.
Contain and isolate affected systems.
Investigate root cause and impact scope.
Remediate, recover, and verify integrity.
Document lessons learned and preventive actions.

3. Breach assessment criteria

SmartTenant evaluates whether personal data is involved, what categories are affected, expected risk to individuals, and whether statutory notification duties are triggered.

4. Notification commitments

Notify affected controllers/customers without undue delay.
Provide known facts, likely impact, and mitigation actions.
Support controllers to meet regulatory and individual-notice duties.
Where controller obligations require, support notification in the 72-hour statutory window.

5. Evidence and records

SmartTenant keeps incident records including timeline, affected systems, impact analysis, actions taken, and closure approvals.

6. Contact

Security and breach notifications should be sent to enquiries@smarttenant.co.uk.