Published incident response policy
Eunoiana Dev maintains an incident response policy for identifying, assessing, containing, remediating and communicating suspected security incidents affecting company systems, client projects, credentials, data or production services.
Eunoiana Dev responds to suspected security incidents in a structured way: receive and record the report, triage severity, contain immediate risk, investigate scope, communicate with affected parties where applicable, remediate the issue and review lessons learned.
Security concerns, suspected incidents or vulnerability reports can be sent to hello@eunoiana.com. Reports should include a short description, affected system or project, relevant timestamps, screenshots or logs where safe to share, and contact details for follow-up.
Eunoiana Dev leadership is responsible for incident coordination, severity assessment, client communication, containment decisions, remediation tracking and post-incident review. Technical delivery responsibilities include investigation, evidence collection, fixes, credential rotation and deployment of corrective actions.
Potential incidents may be identified through client reports, platform alerts, unusual system behaviour, failed access attempts, exposed credentials, suspicious activity, vulnerability notifications or third-party service communications.
Reports are assessed based on the systems affected, data sensitivity, likelihood of compromise, operational impact, availability impact and whether client data, personal data or production credentials may be involved.
Containment may include revoking access, rotating credentials, disabling affected accounts, taking a service offline, blocking traffic, reverting a deployment, removing exposed data or isolating a vulnerable component.
Eunoiana Dev reviews available logs, configuration, code changes, access history, deployment records, third-party platform information and other relevant evidence to understand cause, scope and likely impact.
Where an incident may affect a client, Eunoiana Dev will notify the client through the agreed project or account contact channel. Communications aim to explain what is known, what is being done, what support is needed and when further updates can be expected.
Remediation actions may include code fixes, configuration changes, patching, dependency updates, permission changes, credential rotation, restoration from backups, additional monitoring or updated operational procedures.
After a meaningful incident, Eunoiana Dev reviews root cause, response effectiveness, communication, technical fixes and follow-up actions. Lessons learned are used to improve controls and reduce recurrence risk.
This incident response policy is reviewed as systems, client requirements, hosting platforms and operational practices change.
Questions or security reports can be sent to hello@eunoiana.com.