This page explains how we identify potential breaches, who we contact, and how we communicate and follow up with DIP Users.<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\n\t\t A breach is when a DIP User does not meet one or more of its obligations under the DIP Rules or related requirements. Examples may include:<\/p>\n The DIP Manager assesses each potential breach on a case\u2011by\u2011case basis, taking into account its severity and impact.<\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t The DIP Manager uses several reporting methods to identify different types of breaches:<\/p>\n <\/p>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t When a breach is identified, the DIP Manager will contact the relevant DIP User(s), depending on the risk category involved.<\/p>\n A risk category is a high-level grouping that organises similar types of risks into logical themes and shows which user roles are linked to each category.<\/p>\n When a potential non\u2011compliance is identified, the DIP Manager will ask the relevant DIP User to investigate. The request will include:<\/p>\n The DIP User is expected to reply within the specified timeframe, either by:<\/p>\n If the DIP User does not respond within the stated timeframe, the DIP Manager will send a follow\u2011up email.<\/p>\n <\/p>\n If a company uses a DIP Connection Provider (DCP) or another third\u2011party service, the DIP Manager will engage only with the company, not the service provider. The company is responsible for:<\/p>\nWhat counts as a breach
\n
How we identify potential breaches
\n\n
\n Method<\/strong><\/td>\n What does the report entail?<\/strong><\/td>\n<\/tr>\n \n DIP Performance reporting<\/td>\n DIP Performance reporting allows the DIP Manager to see total volumes of messages in ingress and egress. It can be filtered by DIP ID, interface and time.<\/td>\n<\/tr>\n \n Migration reporting<\/td>\n When there is a significant number of recipient failures or when latency threshold is breached DIP Manager will receive a report with a breakdown of all messages in ingress and egress. This will be for the period of six to seven pm. This contains the number of messages accepted and number of messages rejected as well as what is the reason.<\/td>\n<\/tr>\n \n Daily IF 21 reporting<\/td>\n DIP Manager receives a daily IF 21 report which has the number of messages in both ingress and egress, grouped by DIP ID. This contains the number of messages rejected at ingress\/egress.<\/td>\n<\/tr>\n \n DLQ Monitoring<\/td>\n DIP Manager receives an automated report with the number of messages in the DIPs dead letter queue (DLQ).<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Who is contacted when a breach is identified
\n\n
\n User Role<\/strong><\/td>\n Risk Category<\/strong><\/td>\n<\/tr>\n \n User Admin<\/td>\n Connection and Operation<\/td>\n<\/tr>\n \n Certificate Admin<\/td>\n Technical<\/td>\n<\/tr>\n \n Message Admin<\/td>\n Security<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t How the DIP Manager communicates about issues
Initial request<\/h4>\n
\n
DIP User response<\/h4>\n
\n
Follow\u2011up<\/h4>\n
If you use a third\u2011party service provider<\/h4>\n
\n