Incident Response
Principles
- Escalate quickly
- Communicate clearly
- Prioritize client notification over “silent remediation”
- Document corrective actions
Incident Types
We prepare for and respond to various incident categories:
| Category | Examples |
|---|---|
| Security incidents | Unauthorized access attempts, malware detection, credential compromise, data breach |
| Service disruption | Application downtime, infrastructure failure, performance degradation |
| Data incidents | Accidental data exposure, data loss, integrity issues |
| Compliance incidents | Policy violations, audit findings, regulatory concerns |
Response Process
1. Detection & Reporting
- Automated detection: EDR alerts, monitoring systems, security scanning
- Manual reporting: Any team member can escalate a concern immediately
- Client reporting: Clients can report issues through established channels
2. Triage & Classification
Incidents are assessed and classified by severity:
| Severity | Description | Examples |
|---|---|---|
| Critical | Active breach, data exfiltration, complete service outage | Confirmed unauthorized access to client data, ransomware |
| High | Significant security risk, major service degradation | Malware detected, authentication system down |
| Medium | Contained security issue, partial service impact | Failed intrusion attempt, single component failure |
| Low | Minor issue, no immediate risk | Policy violation, configuration drift |
3. Notification
We notify clients promptly based on severity:
- Critical/High: Immediate notification to designated client contacts
- Medium: Notification within the same business day
- Low: Included in regular status updates or as agreed
Notification includes: what happened, what we know so far, what we’re doing, and expected next update.
4. Containment & Remediation
- Immediate containment: Isolate affected systems, revoke compromised credentials, block malicious traffic
- Root cause analysis: Determine how the incident occurred
- Remediation: Fix the underlying issue, restore services
- Verification: Confirm the incident is fully resolved
5. Post-Incident Review
After resolution:
- Document timeline, impact, and response actions
- Identify what worked and what could improve
- Implement preventive measures
- Share relevant learnings with the client
Service Continuity
Availability Approach
When we host services on your behalf:
- Monitoring: Continuous health checks and alerting for infrastructure and applications
- Redundancy: Services can be deployed across multiple availability zones where supported
- Failover: Automated or rapid manual failover for critical components
- Communication: Status updates during outages through agreed channels
Downtime Handling
If a service disruption occurs:
- Acknowledge: Confirm the issue and begin investigation
- Communicate: Notify affected stakeholders with initial assessment
- Restore: Prioritize service restoration, then root cause analysis
- Update: Provide regular updates until resolution
- Review: Post-incident summary with preventive actions
Recovery Capabilities
Our infrastructure approach supports rapid recovery:
- Infrastructure as Code: Environments can be rebuilt quickly from version-controlled definitions
- Automated deployments: Reduce manual error during recovery
- Backup restoration: Tested procedures for data recovery
- Runbooks: Documented procedures for common failure scenarios
Business Continuity
Our Preparedness
- Distributed team: No single point of failure for personnel
- Cloud-based infrastructure: Not dependent on physical office locations
- Documented procedures: Runbooks for critical operations
- Regular testing: Recovery procedures verified periodically
For Client-Hosted Environments
When working in your infrastructure, we follow your incident response and business continuity procedures. We participate in drills and exercises as required.