Incident Response

How StorylineIQ detects, contains, and notifies customers of security events.

Last updated July 8, 2026

Detection

We monitor authentication patterns, application errors, database access anomalies, and infrastructure-provider security alerts. Suspected events are triaged by an on-call engineer.

Investigation

On-call engineers determine scope (which records, which districts, which users), classify severity, and preserve evidence (logs, audit records, timestamps) for later review.

Containment

Affected credentials are rotated, vulnerable endpoints are taken out of rotation, and impacted data paths are isolated. Containment actions are logged.

Recovery

Service is restored from clean state, verified end-to-end, and monitored for recurrence. A post-incident review documents root cause, customer impact, and remediation.

Customer notification

We commit to timely notification of affected districts where required by law or contract. For confirmed incidents involving district data, we provide:

  • Description of what occurred and what data was involved
  • Time window of the incident
  • Containment and remediation steps taken
  • Recommended district actions, if any
  • A point of contact for follow-up questions

Notification is delivered to the district's designated security and privacy contacts. We do not require districts to discover incidents through public channels.

What we do not publish

We do not publish internal incident-response playbooks, escalation thresholds, or specific technical controls on this page. Districts under a signed DPA may request additional detail through security@storylineiq.com.