PhotoRobot Incident Response Policy
This document defines the PhotoRobot Incident Response Policy. It establishes PhotoRobot’s structured approach to identifying, managing, and resolving security incidents affecting systems or data. The Incident Response Policy supports compliance with PhotoRobot’s contractual obligations under the DPA and SLA.
Objectives
- Minimize impact of incidents
- Ensure rapid and coordinated response
- Maintain transparency and auditability
- Comply with legal and contractual requirements
Scope
Covers events affecting:
- PhotoRobot Cloud
- Customer data
- Infrastructure hosted on Google Cloud
- Internal systems and devices
Incident Classification
Incidents are categorized based on:
- Severity (low / medium / high)
- Data impact
- Operational impact
- Regulatory exposure
Roles & Responsibilities
- Incident Commander (CTO or delegate): Leads response
- Engineering: Executes technical mitigation steps
- Support: Customer communication when required
- Management: Escalation and decision-making
4-Phase Incident Response Cycle
1. Identification
- Alert detection via GCP Monitoring
- Log review
- Suspicious access or anomalies
- Report from user or employee
2. Containment
- Limit scope of incident
- Disable access if needed
- Isolate affected systems
- Block malicious activity
3. Eradication & Recovery
- Remove root cause
- Restore system from backup as needed
- Patch vulnerabilities
- Validate integrity
4. Lessons Learned
- Document full report
- Update controls based on findings
- Brief internal stakeholders
Notification & Reporting
- GDPR-relevant incidents escalated immediately
- Subprocessor incidents follow contract obligations
- Customer notification performed through official support channels
Evidence Handling
- Logs preserved
- Forensic data kept for audit
- Centralized incident documentation maintained