Incident Response Plan

Last updated: January 29, 2026

This document outlines Echo's procedures for identifying, responding to, and recovering from security incidents. Our goal is to minimize impact, restore services quickly, and prevent future occurrences.

Incident Classification

Security incidents are classified by severity:

Critical (P0)

  • Confirmed data breach involving customer data

  • Complete service outage affecting all customers

  • Active exploitation of a security vulnerability

  • Unauthorized access to production systems

Response time: Immediate (within 15 minutes)

High (P1)

  • Potential data exposure (unconfirmed breach)

  • Partial service degradation affecting multiple customers

  • Discovery of exploitable vulnerability in production

  • Suspicious activity requiring investigation

Response time: Within 1 hour

Medium (P2)

  • Minor service issues affecting limited customers

  • Security vulnerability in non-production systems

  • Failed intrusion attempts

Response time: Within 4 hours

Response Team

The incident response team consists of:

  • Incident Commander: CEO/CTO - Overall coordination and decision making

  • Technical Lead: Senior Engineer - Technical investigation and remediation

  • Communications Lead: Designated team member - Customer and stakeholder communication

Response Procedure

1. Detection & Identification

  • Monitor alerts from Vercel, Neon, and application logs

  • Receive and triage reports from customers or team members

  • Classify incident severity based on impact assessment

  • Document initial findings with timestamps

2. Containment

  • Isolate affected systems to prevent spread

  • Revoke compromised credentials immediately

  • Block malicious IP addresses or traffic patterns

  • Preserve evidence for investigation (logs, snapshots)

3. Eradication

  • Identify and remove root cause of incident

  • Patch vulnerabilities or misconfigurations

  • Reset credentials and rotate secrets as needed

  • Verify removal of threat from all systems

4. Recovery

  • Restore services from known-good backups if necessary

  • Gradually bring systems back online with monitoring

  • Verify service functionality and data integrity

  • Continue enhanced monitoring for 48-72 hours

5. Post-Incident Review

  • Conduct post-mortem within 48 hours of resolution

  • Document timeline, impact, and root cause

  • Identify preventive measures and improvements

  • Update procedures and documentation as needed

Communication Protocol

Internal Communication

  • Alert incident response team via Slack #security-incidents channel

  • Update status every 30 minutes for P0/P1 incidents

  • All communication is timestamped and documented

Customer Communication

  • Affected customers notified within 24 hours for P0/P1 incidents

  • Status page updated with incident information

  • Post-incident summary provided to affected customers

Regulatory Notification

For incidents involving personal data breaches:

  • GDPR: Supervisory authority notified within 72 hours

  • Affected data subjects notified without undue delay

  • Documentation maintained for compliance purposes

Contact Information

To report a security incident or vulnerability:

We appreciate responsible disclosure of security vulnerabilities.
