Security Incident Response Policy
This policy describes how TochkaBG identifies, handles, and reports security incidents affecting merchant or customer data.
1. Scope
This policy applies to production systems, application components, data stores, and supporting infrastructure used to operate TochkaBG.
2. Incident Detection
- Monitoring of application errors and unusual behavior.
- Review of operational logs and deployment anomalies.
- Reports from merchants, Shopify, or infrastructure providers.
3. Triage and Classification
Potential incidents are reviewed promptly and classified by severity based on impact to confidentiality, integrity, and availability.
4. Containment and Remediation
- Restrict access and isolate affected components.
- Apply fixes, rotate credentials, and deploy mitigations.
- Validate system integrity before returning to normal operation.
5. Notification
If an incident materially affects merchant data, impacted parties are notified without undue delay, including relevant details and recommended actions.
6. Recovery and Lessons Learned
After resolution, we perform a post-incident review to identify root cause, corrective actions, and preventive improvements.
7. Contact
Security concerns can be reported to [email protected].