Security

Incident Response

Our security incident response process. Transparent communication, rapid response, and continuous improvement.

<15 min detection

24/7 security team

Public post-mortems

Response Timeline

Detection & Triage

< 15 minutes

Automated alerting triggersOn-call engineer engagedInitial severity assessmentIncident commander assigned

Containment

< 1 hour

Threat isolatedAffected systems identifiedAccess revoked if neededEvidence preserved

Eradication

< 4 hours

Root cause identifiedVulnerability patchedMalicious artifacts removedSystems hardened

Recovery

< 24 hours

Services restoredData integrity verifiedMonitoring enhancedCustomer communication

Post-Incident

< 5 days

Incident report publishedLessons learned documentedProcess improvements identifiedCustomer follow-up

Severity Levels

Severity	Description	Response	Notification
Critical	Active data breach or exploitation	All hands on deck, 24/7 response	Immediate (within 1 hour)
High	Significant vulnerability with potential for breach	Security team engaged immediately	Within 4 hours
Medium	Security issue requiring prompt attention	Security team notified, next business day	Within 24 hours
Low	Minor security improvement opportunity	Scheduled for next sprint	In monthly security update

Notification Channels

Email

Sent to all security contacts and account owners.

Phone (Critical)

For critical incidents, we call your security contact.

Webhook

Real-time security events to your security tooling.

Security Webhook Payload

Subscribe to security events for real-time incident notifications.

security.incident Event

{
  "event": "security.incident",
  "timestamp": "2024-12-15T10:30:00Z",
  "severity": "high",
  "incident": {
    "id": "inc_abc123xyz",
    "title": "Unauthorized access attempt detected",
    "status": "investigating",
    "affected_services": ["api", "webhooks"],
    "customer_impact": "none",
    "summary": "We detected and blocked an unauthorized access attempt..."
  },
  "links": {
    "status_page": "https://status.justkalm.com/incidents/inc_abc123xyz",
    "updates": "https://api.justkalm.com/v1/incidents/inc_abc123xyz"
  }
}

Customer Responsibilities

Keep Contacts Updated

Ensure your security contact information is current so we can reach you during incidents.

Monitor Security Emails

Ensure security@[yourdomain] reaches your security team and isn't filtered.

Report Suspicious Activity

If you notice unusual API activity or suspect a breach, contact security@justkalm.com immediately.

Rotate Credentials

When notified of a credential-related incident, rotate your API keys promptly.

Report a Vulnerability

Found a security issue? We have a responsible disclosure program with rewards.

Bug Bounty Program

We pay up to $10,000 for critical vulnerabilities reported responsibly.

Learn More

Questions About Security?

Contact our security team for security questionnaires, penetration test reports, or incident inquiries.

security@justkalm.com