Incident Reporting Procedure

Overview

This Alpha Serve internal procedure is to handle information security incidents so as to minimize their impact on the confidentiality, integrity, and availability of the systems, applications, and data. An effective approach to managing such incidents also limits the negative consequences to relevant parties and improves the ability of Alpha serve to restore operations affected by such incidents.

Goals

The goals of establishing a successful incident management procedure include the following:

  1. Mitigating the impact of security incidents on systems, applications and customers;

  2. Identifying the sources and underlying causes of such security incidents and unauthorized disclosures in order to reduce their future likelihood of occurrence;

  3. Protecting, preserving, and making usable all information regarding the incident or disclosure as necessary for analysis and notification.

  4. Ensuring that all parties are aware of their responsibilities regarding such system security incident handling.

  5. Protecting the reputation of Alpha Serve as Atlassian Marketplace Partner.

Incident Definition

An application security incident is, actual or suspected:

  • Unauthorized access, use, disclosure, modification, or destruction of information;

  • Interference with information technology operation;

  • Violation of explicit security policy by any party;

  • Compromised user accounts;

  • Unauthorized access to, or use of, systems, software, or data;

  • Unauthorized changes to systems, software, or data.


Procedure Instructions

Incident Detection and Impact Assessment

All incident detected should be evaluated by the revealing person in terms of potential impact:

  • Functional impact (if the incident consequences influence the usability and stable work of the application);

  • Data impact (if the incident consequences influence data privacy of data integrity of the application users);

  • Reputational impact (if the incident consequences influence the Alpha Serve reputation in terms of business ethics, employer branding, product quality, taxes or other.

Based on the primary evaluation, the recoverability efforts are defined and documented.

Incident Reporting and Escalation

Each employee, temporary worker and contractor must report their supervisor on actual or suspected application security incidents as soon as possible so that work can begin to assess, investigate and resolve them.

All information about the security incident is communicated and stored internally.

An incident report must include:

  • date and time of detection;

  • a person who revealed the incident;

  • short description of the incident, including screenshots, screencasts and copies of emails if relevant;

  • risk category according to the Application Security Policy;

  • impact assessment results;

  • possible solutions details;

  • other parties informed if relevant.

If the incident poses any kind of immediate danger, the Alpha Serve CEO should be informed immediately by email and telephone. Only the CEO can be responsible for final risks evaluation and further decisions on communication with customers (if affected) and Atlassian (if relevant) by creating an App Security Incident ticket.

The CEO and relevant team members will stay available to communicate with Atlassian security team during resolution and inform them when the incident is resolved, and/or in case Atlassian needs to take necessary action to prevent additional breaches.

Incident Resolution and Post-Incident Review

Based on the information in the incident report, supervisor and/or Alpha Serve management team define the further process of incident resolution and create tasks and assignments with due dates to the relevant team members.

After the incident resolution, the supervisor defines the type and amount of testing and assessment measures in order to control the results and ensure the correct work of application from every perspective.

Incident report data is included in the internal knowledge base when relevant.