Incident Response Process

Incident Response Process

Our incident response process follows a structured 6-step approach:

1. Preparation

• Incident response plan up to date

• Team trained and available 24/7

• Tools and procedures documented

2. Detection & Identification

• 24/7 automated monitoring and alerting

• Rapid triage within 15 minutes (P1)

• Impact and severity assessment

3. Containment

• Immediate isolation of affected systems

• Stop the spread, minimize claim

• Retention of forensic data

4. Eradication

• Complete removal of threats

• Security patches and hardening

• Verification by security team

5. Recovery

• Phased restoration of services

• Comprehensive monitoring

• Validation and testing

6. Post-Incident Analysis

• Within 5 business days after closure

• Lessons learned and improvement

• Runbook updates

Communication During Incidents

Customer Communication

When do we communicate?

• For P1/P2 incidents that impact customers

• Transparent, empathetic, and factual

• Regular updates according to severity level

How do we communicate?

• Email notifications

• In-app notifications (if applicable)

What do we communicate?

• What's going on?

• What impact (customers/features)

• What are we doing about it?

• Timing of next update

Data Breach Procedures

GDPR Compliance

In the event of a data breach, we follow strict GDPR procedures:

Assessment

• Onmiddellijke interne notificatie (< 1 uur)

• Impact assessment (< 4 uur)

• Risk assessment for those involved

Notification Timeline

• Data Protection Authority: Within 72 hours (if required)

• Parties involved: Without delay (in high-risk cases)

Your Role

Help us help

• Report suspicious activity via onesurance

• Participate in research if relevant

• Follow our security recommendations

• Keep contact information up to date