Atlassian announces end of life for OpsGenie. Looking to switch? We're here to help -- Learn More ➡️
Menu

Data Breach Policy

1. Introduction

PagerTree is committed to detecting, responding to, and communicating security incidents involving customer data in a timely and transparent manner. This Data Breach Policy outlines PagerTree’s procedures for identifying, assessing, containing, and resolving confirmed or suspected data breaches.

2. Scope

This policy applies to:

  • All PagerTree systems, applications, and cloud infrastructure
  • All employees, contractors, and third parties with system or data access
  • Any incident involving unauthorized access, disclosure, alteration, or loss of customer data

3. Definition of a Data Breach

A data breach is any confirmed or suspected incident that results in:

  • Unauthorized access to customer data
  • Unauthorized disclosure or modification of customer data
  • Loss or destruction of customer data
  • Compromised credentials or system access
  • Malicious activity impacting data integrity or confidentiality

4. Detection & Reporting

PagerTree detects potential breaches through:

  • Security monitoring and alerts
  • Logging and anomaly detection
  • Automated intrusion detection systems
  • Responsible disclosure reports
  • Internal reporting by employees or contractors

All personnel must immediately report suspected breaches to security@pagertree.com.

5. Incident Response Process

5.1 Identification

The security team quickly evaluates alerts or reports to determine if the event may constitute a breach.

5.2 Containment

Containment actions may include:

  • Disabling affected accounts or access keys
  • Isolating compromised systems
  • Blocking malicious traffic
  • Applying emergency patches or configuration changes

5.3 Investigation

PagerTree investigates to determine:

  • What occurred
  • What data or systems were affected
  • Whether unauthorized access occurred
  • How the incident happened
  • The scope and severity of the impact

5.4 Eradication & Recovery

Actions may include:

  • Removing malicious files or code
  • Restoring systems to a known-good state
  • Rebuilding or patching affected infrastructure
  • Strengthening relevant security controls

Systems are returned to normal use only after validation.

6. Customer Notification

If customer data is reasonably believed to be impacted, PagerTree will notify affected customers without undue delay, consistent with:

  • Applicable laws
  • Contractual obligations
  • Industry best practices

Notifications include:

  • A description of the incident
  • Types of data potentially affected
  • Actions PagerTree has taken
  • Recommended customer actions (if any)
  • Ongoing updates as we learn more

PagerTree prioritizes clear, transparent communication.

7. Post-Incident Review

Following incident resolution, PagerTree conducts a review to:

  • Identify root cause
  • Document lessons learned
  • Improve security controls
  • Update relevant policies and procedures

8. Enforcement

Non-compliance may result in revoked access privileges, disciplinary actions, or contract termination for third parties.

9. Review and Maintenance

This policy is reviewed annually or after any significant incident requiring an update.