Feature · Breach Response Workflow

The 72-hour clock starts the moment you discover a breach.

PHIPA and PIPEDA require notification within 72 hours of discovering a privacy breach. Most clinics have no documented Incident Response Plan. CybershieldMaple gives you a pre-built workflow, a running clock, and an evidence trail — before you need it.

Get Your Accountability Benchmark See the platform live

How it works

From discovery to sealed evidence — in four steps.

The IRP is pre-built. The clock is automatic. The evidence is immutable.

Log the incident

Record the breach event in CSM. The 72-hour notification clock starts automatically. Date, time, and initial details are timestamped and immutable.

Follow the IRP workflow

CSM walks you through the pre-built Incident Response Plan — containment, assessment, notification decisions, and required regulatory communications.

Document every action

Every step taken, every communication sent, every decision made is recorded in the governance ledger with a timestamp. Nothing is reconstructed after the fact.

Generate the evidence pack

When the incident is resolved, generate a sealed evidence package containing the full incident log, IRP workflow completion, and notification records. Hand it to the IPC or a cyber insurer.

Capabilities

Every component of a defensible breach response.

Automatic 72-hour clock

The notification timer starts the moment you log the incident. Real-time countdown visible in the dashboard. No manual tracking required.

Pre-built Incident Response Plan

IPC handbook chapter 7 compliant. Your IRP is already drafted when you need it — not a template you fill in under pressure.

Notification workflow

Step-by-step prompts for regulator notification, patient notification, and insurer reporting. Each notification is logged with timestamp and recipient.

Immutable incident log

Every action taken during an incident is recorded in the immutable governance ledger. The record cannot be altered after the fact — critical for regulatory defense.

Staff assignment & accountability

Assign incident response tasks to specific staff members. Track completion. Every assignment and acknowledgment is documented.

Sealed evidence package

Once resolved, generate a complete sealed evidence pack covering the incident timeline, actions taken, notifications sent, and regulatory filings. One click to produce.

Framework coverage

Covers every provincial breach obligation.

PHIPA (Ontario)

Section 12 · 72h IPC notification · AMP exposure under Decision 298

HIA (Alberta)

Mandatory breach reporting · OIPC Alberta

PIPA (BC)

Breach duty · OIPC BC

Law 25 (Quebec)

Article 3.5 · 72h CAI + affected person notification

PIPEDA (Federal)

Significant risk assessment · Real risk of significant harm

Who uses this feature

Used by every organization that touches PHI.

Healthcare Clinics

Primary use — IRP required for all PHIPA-covered organizations

Health Tech Startups

Breach workflow for apps handling PHI · Hospital procurement requirement

MSPs

Per-client incident tracking · Insurer audit pack generation

Breach Response

Don't build your IRP on the day you need it.

See the breach response workflow in the CSM platform — and get your accountability gap assessment to understand your full governance posture.

Get Your Accountability Benchmark See the platform live