Effective Date: November 19, 2025 • Last Updated: November 19, 2025
1. Incident Response Team
1.1 Primary Contacts
| Role | Name | Contact | Responsibilities |
|---|---|---|---|
| Incident Commander | Ronak Shah | ronak@aurium.ai | Overall coordination, decisions, customer communication |
| Technical Lead | Christopher Cha | christopher@aurium.ai | Technical investigation, containment, remediation |
1.2 Escalation Path
- Technical Lead (first responder)
- Incident Commander (decision authority)
- Legal counsel (if needed)
- Law enforcement (if required)
2. Incident Classification
2.1 Severity Levels
| Severity | Description | Initial Response Time | Examples |
|---|---|---|---|
| Critical | Active breach with confirmed or likely customer data exposure | Immediate | Data exfiltration, active intrusion |
| High | Potential breach or significant vulnerability | < 4 hours | Unauthorized access attempt, critical vulnerability in a production system |
| Medium | Security event requiring investigation | < 24 hours | Suspicious activity, failed attack |
| Low | Minor security event | < 72 hours | Policy violation, reported phishing attempt |
3. Incident Response Phases
3.1 Detection & Identification
Sources of Detection:
- Sentry error monitoring
- PostHog analytics anomalies
- Customer reports
- Team member observations
- Automated alerts
3.2 Containment
Immediate Actions:
- Isolate affected systems
- Block malicious IP addresses or accounts
- Preserve evidence (logs, snapshots) before taking actions that would overwrite it
- Prevent further data loss
3.3 Eradication
- Identify the root cause
- Remove malware and revoke unauthorized access
- Patch the vulnerabilities that were exploited
- Reset compromised credentials
3.4 Recovery
- Restore systems from clean backups taken before the compromise
- Verify system integrity
- Monitor for re-infection or renewed attacker activity
- Return to normal operations
3.5 Post-Incident Review
- Conduct lessons learned session
- Update incident response procedures
- Implement preventive measures
4. Customer Notification
4.1 Notification Timeline
| Regulation | Requirement | Our Commitment |
|---|---|---|
| GDPR | 72 hours to supervisory authority | 72 hours |
| CCPA | "Most expedient time possible" | 72 hours |
| General | Best practice | 72 hours |
4.2 Notification Content
Customer notifications will include:
- Nature of the incident - What happened
- Data involved - Types of data affected
- Impact - Potential consequences
- Actions taken - Our response measures
- Customer actions - Steps they should take
- Contact information - How to reach us
- Updates - Commitment to ongoing communication
4.3 Notification Methods
- Email to account owner
- In-app notification
- Phone call (critical incidents)
- Status page update (if service affected)
5. Security Training
5.1 Annual Training
All team members complete annual security training covering:
- Recognizing phishing and social engineering
- Secure coding practices
- Incident reporting procedures
- Data handling requirements
- Access control policies
5.2 Training Records
- Document training completion
- Retain records for 3 years
- Address training gaps promptly
6. Recovery Resources
6.1 Backup Information
- Provider: Neon
- Frequency: Daily at 00:00 UTC
- Retention: 14 days
- PITR (point-in-time recovery): Available for 14 days
7. Contact
For security incidents: security@aurium.ai
For emergencies, include "URGENT" in the subject line.