Detection
We monitor authentication patterns, application errors, database access anomalies, and infrastructure-provider security alerts. Suspected events are triaged by an on-call engineer.
Investigation
On-call engineers determine scope (which records, which districts, which users), classify severity, and preserve evidence (logs, audit records, timestamps) for later review.
Containment
Affected credentials are rotated, vulnerable endpoints are taken out of rotation, and impacted data paths are isolated. Containment actions are logged.
Recovery
Service is restored from clean state, verified end-to-end, and monitored for recurrence. A post-incident review documents root cause, customer impact, and remediation.
Customer notification
We commit to timely notification of affected districts where required by law or contract. For confirmed incidents involving district data, we provide:
- Description of what occurred and what data was involved
- Time window of the incident
- Containment and remediation steps taken
- Recommended district actions, if any
- A point of contact for follow-up questions
Notification is delivered to the district's designated security and privacy contacts. We do not require districts to discover incidents through public channels.
What we do not publish
We do not publish internal incident-response playbooks, escalation thresholds, or specific technical controls on this page. Districts under a signed DPA may request additional detail through security@storylineiq.com.
