In accordance with industry standards, Cedar CI utilizes the following procedure for handling security incidents. The amount of emphasis placed on each phase will vary based on the severity of the incident.
In case of a suspected security breach or vulnerability, immediately email security.
Triage
All reports of a suspicious nature are escalated to management and security personnel. An incident is declared as soon as an employee has reason to believe that an adverse risk to the company exists; certainty is not required to declare.
Investigate
An incident response team comprising the main stakeholders of the affected systems is assembled and given access to relevant backups, logs, and deployments. Any third-party vendors that may be involved or affected are contacted to aid in containment and investigation.
The investigation is performed in a fact-based, scientific manner. Records and notes are kept up-to-date throughout the process for later reference.
Customers whose data may have been affected should be notified of the potential data breach as soon as possible.
Where applicable, Cedar CI will notify relevant law enforcement agencies and third parties of the incident and keep them up-to-date on the resolution process.
Resolve
Once the vulnerability has been clearly identified, securing the affected system becomes the highest priority for the involved teams. Resolving a security incident may involve changes to infrastructure, code, process, or team composition. Additionally, security scans for similar vulnerabilities should be performed on all systems.
As a final precaution, access tokens, passwords, and encryption keys of all affected and directly connected systems and accounts are rotated, regardless of the investigation's findings as to their integrity.
Postmortem
A formal follow-up report is created that details the scope of the incident and the steps taken in its mitigation. The report should outline new systems and procedures to prevent such incidents in the future. It may make suggestions for improvements to long-term monitoring and changes to access policies, where appropriate.