Incident response plan

Atlan's incident response plan for any potential security incidents is as follows:

Incident response process

For any potential issues, the Incident Response Team at Atlan follows a structured process designed to investigate, contain, and remediate the threat and recover systems and services. The process includes:

  1. Event reported - initial notification of the incident.
  2. Triage and analysis - assessment of the incident's severity and potential impact.
  3. Investigation - detailed examination to understand the cause and scope.
  4. Containment and neutralization - actions to limit the impact and prevent further exploitation.
  5. Recovery and vulnerability remediation - restoration of systems and addressing vulnerabilities.
  6. Hardening and detection improvements - enhancing security measures and detection capabilities to prevent future incidents.

Key details about this process are as follows:

  • Incident manager - oversees incident response efforts.
  • War room - internal tooling orchestrates incident response, with dedicated communication channels automatically created per incident.
  • Recurring meetings - regular meetings to review the incident status until resolution.
  • Notification - legal and executive staff are informed as required.
  • Post-incident review - Atlan produces a post-incident RCA for material incidents and shares it with affected customers on request.

Incident severity levels

| Severity | Category | Description |
|----------|----------|-------------|
| P0 | Critical | Actively exploited risk involves the engagement of a malicious actor. Identifying such active exploitation is essential. Major data breach, widespread system outage, critical vulnerability being actively exploited. |
| P1 | High | Active exploitation is not yet confirmed but is highly probable. The vulnerability presents a high risk, potentially causing severe performance degradation or unauthorized access to sensitive data. |
| P2/P3 | Medium/Low | Suspicious or unusual behavior that has not yet been verified and requires further investigation. This includes moderate performance issues, non-critical vulnerabilities, and isolated incidents affecting a small group of users. |

Incident reporting

Atlan reports any breaches to customers, consumers, data subjects, and regulators without undue delay and in accordance with all contractual commitments and applicable legislation. Where a personal-data breach is confirmed, Atlan notifies affected customers and relevant supervisory authorities within 72 hours, consistent with GDPR Article 33.

If any users become aware of an information security incident, potential incident, imminent incident, unauthorized access, policy violation, security weakness, or suspicious activity, please notify Atlan support immediately.

Security researchers can report suspected vulnerabilities to Atlan's Responsible Disclosure Program.