Compliance
Incident response
The codebase has health checks, audit logs, and metrics. The remaining work is operational: alerting, ownership, evidence handling, and notification workflows.
Step 1
Detect the issue from logs, metrics, health checks, or user reports.
Step 2
Classify severity and scope.
Step 3
Contain affected systems and revoke or rotate secrets if needed.
Step 4
Preserve evidence and audit trail.
Step 5
Assess whether personal data may have been exposed.
Step 6
Escalate to owners, compliance, and counsel as needed.
Step 7
Notify authorities and customers if the threshold is met.
Step 8
Track remediation and postmortem actions to closure.