Monito Security Guide

Security Incident Response

Introduces the incident response plan, including procedures for detecting, reporting, and responding to security incidents.

This section describes our incident response plan, including the procedures used to detect, report, and respond to security incidents.

In the event of a security incident or personal data breach, Grepp, Inc. responds promptly in accordance with applicable laws and contractual obligations.

Where Korean law applies, we report to relevant authorities such as KISA (Korea Internet & Security Agency) within 24 hours. For processing subject to the GDPR, we notify the Supervisory Authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Article 33 of the GDPR).

Where Monito processes personal data on behalf of a customer as a data processor, we provide the relevant information about the breach, its scope of impact, and mitigation measures without delay so that the customer can fulfill its obligations under Articles 33 and 34.

We also operate a systematic response procedure for detecting incidents, analyzing their root causes, minimizing their impact, and preventing recurrence.


All events, such as system logins and system changes, are actively audited and recorded through a centralized audit logging system and security audit logs, and are protected from unauthorized access, modification, and deletion.

We operate a process for reviewing audit logs to detect inappropriate or abnormal activity. When a significant risk arises, we immediately notify business members.

Audit logs are reviewed regularly by the security team to identify and respond to anomalies.


Our data security architecture is designed to align with internationally recognized cloud security standards and frameworks.


We implement restrictive measures and monitoring mechanisms to prevent unauthorized software installation on the systems that support our solution. Data labeling adheres to industry-standard data formats.


Mobile device security is a top priority for our organization. Through strong technical controls, we encrypt entire devices and sensitive data, and we actively detect and prevent attempts to bypass the built-in security controls of mobile devices, such as jailbreaking or rooting.

We implement comprehensive mobile security measures to protect the integrity and confidentiality of data accessed through mobile devices.


Security and privacy-related inquiries can be submitted to cs@grepp.co.