Incident Response Plan

Incident Response Plan

Accessible Web’s incident response follows the motto “Aviate, Navigate, Communicate.”

This concept (ANC) originates from aviation, where it serves as a prioritization mantra for pilots: first, keep the aircraft flying (Aviate), then determine the aircraft’s position and trajectory (Navigate), and finally, communicate with relevant parties (Communicate). This principle can be applied to SaaS incident response to ensure a structured and efficient approach. 

When confronted with an incident our first priority is always containment and management of the issue. Once we feel we have the scope and impact under control, we will communicate and plan resolution of the incident with our customers. Details about what this looks like in practice are detailed in this document.

1. Aviate (Stabilize)

Focus on stabilizing the system to prevent further damage or downtime.

  • Immediate Response: Quickly identify and isolate the problematic component or service. Ensure the incident doesn’t worsen. 
  • Mitigation: Apply immediate fixes or temporary solutions to stop the issue from worsening.
  • Safety Measures: Activate backup systems, reroute traffic, or implement other fail-safes to maintain basic functionality.

2. Navigate (Diagnose and Plan)

Determine the cause of the incident and develop a strategy for resolution.

  • Root Cause Analysis: Investigate and identify the underlying root cause of the incident.
  • Impact Assessment: Understand the scope and impact on users and services.
  • Prioritization: Determine which areas need the most urgent attention and plan the steps for resolution. Develop a step-by-step plan to resolve the issue permanently.

3. Communicate (Inform and Collaborate)

Keep all stakeholders informed and involved throughout the incident.

  • Internal Communication: Ensure all team members are aware of the situation and their roles in the response.
  • External Communication: Inform affected customers, partners, and users about the incident, steps being taken, and expected resolution times. Updates are provided on our status page which can be viewed and subscribed to at https://accessibleweb.statuspage.io/ 
  • Documentation: Keep detailed records of the incident, actions taken, and communication logs for post-incident review and improvement.

Protecting Customer Data

Ensuring the security and integrity of our customers’ data is a top priority during any incident. Our measures include:

  • Avoiding Sensitive Data Storage: Our number one defense is we actively avoid storing sensitive customer data, including Personally Identifiable Information (PII), source code, production credentials, etc. However, we store non-sensitive PII such as names, email addresses, and phone numbers.
  • Data Encryption: Customer data is encrypted both in transit and at rest, minimizing the risk of unauthorized access.
  • Access Control: We enforce strict access controls, ensuring only authorized personnel can access sensitive data.
  • Regular Backups: We perform regular data backups to ensure that customer information can be restored in the event of data loss.
  • Security Monitoring: Continuous monitoring of our systems helps us detect and respond to security threats promptly.
  • Compliance: We adhere to industry standards and regulations (such as GDPR and CCPA) to ensure customer data is handled with the utmost care and legal compliance.