Atlassian announces end of life for OpsGenie. Looking to switch? We're here to help -- Learn More ➡️
Menu

Incident Response Policy

1. Introduction

PagerTree is committed to rapidly identifying, analyzing, and responding to security incidents that may impact the confidentiality, integrity, or availability of our systems and customer data. This Incident Response Policy outlines the structured processes used to detect, investigate, contain, and remediate security incidents.

2. Scope

This policy applies to:

  • All PagerTree systems, applications, and infrastructure
  • All employees, contractors, and approved third parties
  • Any event that may negatively affect system security, data integrity, or service availability

This policy complements PagerTree’s Data Breach Policy, Secure Development Policy, and Business Continuity & Disaster Recovery (BCDR) Policy.

3. Incident Categories

PagerTree classifies incidents into categories based on potential impact:

  • Security Incident: Any confirmed or suspected event involving unauthorized access, data exposure, malicious activity, or system compromise.
  • Operational Incident: Service degradation or outages affecting system availability.
  • Threat Event: Detected anomalies or suspicious activity that require investigation.

4. Incident Response Objectives

PagerTree’s incident response goals are to:

  • Minimize impact to customers and systems
  • Restore normal service operations quickly
  • Protect customer data
  • Maintain transparency and communication
  • Capture lessons learned for future improvement

5. Detection & Reporting

5.1 Automated Detection

PagerTree uses a variety of tools and processes to detect incidents, including:

  • Real-time monitoring and alerting
  • Application and infrastructure logging
  • Automated anomaly detection
  • Intrusion and behavior detection mechanisms

5.2 Internal Reporting

Employees and contractors must immediately report suspected incidents to:
security@pagertree.com

5.3 External Reporting

PagerTree encourages responsible disclosure from security researchers and customers.

6. Incident Response Process

6.1 Identification

The PagerTree Security Team evaluates alerts or reports to confirm whether the event meets the definition of an incident.

6.2 Containment

Steps may include:

  • Blocking malicious IP addresses
  • Disabling impacted accounts or access keys
  • Isolating compromised systems
  • Temporarily modifying firewall or routing rules

6.3 Investigation

PagerTree conducts a detailed analysis to determine:

  • What happened
  • What systems or accounts were affected
  • Whether data was accessed or modified
  • Root cause and attack vector
  • Overall severity and customer impact

6.4 Eradication & Remediation

Actions may include:

  • Removing malicious artifacts or unauthorized users
  • Patching or reconfiguring affected systems
  • Rotating secrets or access credentials
  • Deploying security updates or additional controls

6.5 Recovery

Systems are returned to production only after:

  • Validation that vulnerabilities are remediated
  • Verification that systems are functioning normally
  • Monitoring to prevent recurrence

6.6 Customer Notification

If customer data or service availability is impacted, PagerTree may notify customers through:

Notifications include factual updates about the incident, actions taken, and recommended customer steps (if any).

7. Post-Incident Review

Within a reasonable period after incident resolution, PagerTree conducts a post-incident review to:

  • Document findings and timeline
  • Identify gaps in detection or response
  • Improve tooling, training, and controls
  • Update relevant policies or procedures

8. Roles & Responsibilities

Security Team

  • Lead incident detection, containment, investigation, and recovery
  • Coordinate with engineering and operations teams
  • Ensure compliance with PagerTree policies

Engineering & Operations Teams

  • Provide system expertise during investigations
  • Assist in remediation and recovery tasks

Executive Management

  • Provide support, oversight, and prioritization for high-severity incidents

9. Enforcement

Non-compliance with this policy may result in revoked system access, disciplinary action, or contract termination for third parties.

10. Review & Maintenance

This policy is reviewed annually or upon significant changes to PagerTree infrastructure, monitoring, or incident response processes.

For questions about this policy, contact security@pagertree.com.