Limited Pilot Program · Currently invitation-only. Request Pilot Access

Incident Response Policy

Last updated: June 2026

StorylineIQ maintains a documented incident response program covering detection, containment, investigation, customer notification, and post-incident review.

1. Detection

Automated monitoring on authentication anomalies, rate limits, RLS denials, and error rates. On-call rotation acknowledges alerts 24/7.

2. Triage

Within 1 hour of detection, the incident commander assigns severity (Sev-1 through Sev-3), scopes affected districts, and starts an incident timeline.

3. Containment

Revoke compromised credentials, rotate keys, isolate affected components, and apply emergency RLS or rate-limit hardening as needed.

4. Investigation

Audit logs, database snapshots, and edge logs are preserved. Root cause is documented before resolution is declared.

5. Customer notification

For incidents involving a Personal Data Breach, affected districts are notified without undue delay and in any event within 72 hours, per our DPA §7.

6. Post-incident review

Within 10 business days of resolution we publish an internal post-mortem and any customer-facing summary, with corrective actions tracked to completion.

Severity definitions

  • Sev-1 — Personal Data Breach. Confirmed unauthorized access to, or disclosure of, student or user PII. 72-hour customer notification under DPA §7.
  • Sev-2 — Service-impacting security event. Outage, authentication failure, or vulnerability with potential PII exposure but no confirmed access. Status-page update + direct contact with impacted districts.
  • Sev-3 — Internal security event. Contained issue with no customer impact (e.g., a discovered-and-patched vulnerability). Tracked internally; surfaced in the next quarterly security report on request.

What customers receive

For any Sev-1 or Sev-2 incident affecting a district, we provide:

  • The nature and approximate time of the incident
  • Categories of data affected and approximate number of records
  • Containment and remediation actions taken
  • Recommended customer-side actions (e.g., reset admin credentials)
  • A named point of contact at StorylineIQ for follow-up

Reporting a suspected incident

Districts, parents, security researchers, or anyone with knowledge of a potential security incident should email security@storylineiq.com. We acknowledge within 2 business days. For sensitive disclosures, request our PGP key in the initial message.

Related documents