A plan for maintaining a secure environment for customer data. This plan covers managing and assessing incidents.
Last updated on September 15, 2022
Identification
Automated and manual mechanisms are utilized to detect potential vulnerabilities.
Automatic detection will trigger a notification to the technical leadership team.
Coordination
The on-call engineer will evaluate the severity of the problem.
Severity can be classified into several tiers:
Tier 1 - Service disruption, global outages, global vulnerabilities.
Tier 2 - Any security-related incident (no matter how small), or outage for a major group of customers. An outage of critical services.
Tier 3 - Outage of any non-critical services, outage for a small group of customers. High latency issues. Service inconvenience issues (such as cosmetic assets not loading properly because of CDN issues).
Declassification - The issue is not severe and can be filed away as a medium-priority issue.
Once classified, engineers will respond to the incident and begin an investigation.
Resolution
Engineers will gather information relevant to the incident through mechanisms such as server logs, audit logs, or the application itself.
All logs will be maintained for forensic analysis.
Process priority for the resolution team:
Limit the ongoing damage by quickly patching if possible and terminating any ongoing exploitation of access.
Fix the underlying issue with the proper deployment.
Restore the affected systems and services.
As soon as the breach has been verified, Client Partners will notify relevant parties of the breach.
The SLA for resolving and fixing critical vulnerabilities is 24 hours.
Closure
All members of the response team involved will take notes of their involvement throughout the process.
An Incident Review Meeting is called for a post-mortem, where notes are compared and the team, together with the CTO, identifies issues with the technologies.
The CTO designates owners of resolutions to ensure that these problems do not happen again.
Our Client Partners will reach out to our customers to notify them of the resolution.
Continuous Improvement
During the Incident Review, the team, together with the CEO, will also identify issues with processes and internal operations.
Members of the response team are given immediate feedback on how they could have handled escalation and resolution.
The goal of this feedback is to continuously improve our internal processes for incident management while the incident is still top of mind.
Details of the incident are then released internally, including all feedback, so that it's logged and others may review it.