# Incident Response
This document describes how oklido responds to security incidents and data breaches.
## Our Commitment
We take security incidents seriously and are committed to:
- **Rapid detection** - Automated monitoring 24/7
- **Swift response** - Documented procedures for fast action
- **Transparent communication** - Timely notification to affected parties
- **Continuous improvement** - Learning from every incident
## Incident Definition
A security incident is any event that:
- Compromises confidentiality, integrity, or availability of data
- Violates security policies or procedures
- Could result in unauthorised access to systems or data
- Involves loss or theft of data or equipment
## Response Phases

### 1. Detection
How we detect incidents:
| Method | Coverage |
|---|---|
| Automated monitoring | 24/7 |
| Security alerts | Real-time |
| Log analysis | Continuous |
| User reports | Business hours |
| Third-party reports | As received |
### 2. Triage
Within 15 minutes of detection:
- Assess severity and scope
- Assign incident commander
- Activate response team
- Begin documentation
#### Severity Levels
| Level | Description | Response Time |
|---|---|---|
| Critical | Active data breach, service down | Immediate |
| High | Potential breach, major vulnerability | Within 1 hour |
| Medium | Limited exposure, minor vulnerability | Within 4 hours |
| Low | No data exposure, minimal impact | Within 24 hours |
### 3. Containment
Immediate actions to limit damage:
- Isolate affected systems
- Revoke compromised credentials
- Block malicious IPs/users
- Preserve evidence for investigation
### 4. Eradication
Remove the threat:
- Identify root cause
- Remove malware or vulnerabilities
- Patch affected systems
- Verify threat is eliminated
### 5. Recovery
Restore normal operations:
- Restore from clean backups if needed
- Verify system integrity
- Monitor for recurrence
- Restore service gradually
### 6. Post-Incident
After the incident:
- Complete incident report
- Conduct root cause analysis
- Implement preventive measures
- Update procedures if needed
- Share lessons learned
## Customer Notification

### When We Notify
We notify affected customers when:
- Personal data may have been compromised
- Account credentials may have been exposed
- Service was significantly impacted
- Required by law or regulation
### Notification Timeline
| Requirement | Timeline |
|---|---|
| Internal escalation | Within 1 hour |
| Regulatory notification (ICO) | Within 72 hours |
| Customer notification | Within 72 hours |
| Public disclosure | As appropriate |
### What We Include
Notifications include:
- What happened
- What data was affected
- What we're doing about it
- What you should do
- How to contact us with questions
### Notification Methods

- **Email** - Primary notification method
- **In-app banner** - For service issues
- **Status page** - For service availability
- **Phone** - For critical incidents (Enterprise)
## Regulatory Reporting

### ICO Notification
Under GDPR, we report to the ICO:
- Data breaches likely to result in risk to individuals
- Within 72 hours of becoming aware
- Include required information per Article 33
### Other Regulators
We comply with other reporting requirements:
- FCA (if applicable)
- Sector-specific regulators
- Law enforcement (if required)
## Your Role

How you can help:

### Report Suspicious Activity
If you notice anything unusual:
- Email: security@oklido.com
- Include: What you observed, when, any screenshots
### Respond to Notifications
If we notify you of an incident:
- Follow any instructions provided
- Change passwords if recommended
- Monitor accounts for unusual activity
- Contact us with questions
## Security Contact
Report security incidents or concerns:
- Email: security@oklido.com
- Response time: Within 24 hours
## Incident History
We maintain an internal incident log. Significant incidents affecting customers are communicated directly and may be summarised on our status page.
For questions about past incidents: security@oklido.com