Incident Response
How we detect, contain, investigate, and communicate security incidents — with a 72-hour notification commitment.
Impact Suite maintains a documented, tested incident-response program designed to rapidly detect, contain, investigate, and remediate security events while keeping affected agencies informed.
Detection (24/7)
- Automated monitoring via AWS CloudWatch — unusual access patterns, failed authentication, configuration changes, and traffic anomalies.
- Security-event logging — authentication, privileged-account activity, data access, administrative actions, and API usage.
- Anomaly detection and real-time alerting, plus employee and customer reporting channels.
Four-phase response
- Detection & initial response (0–2 hours) — leadership notified, preliminary assessment, severity classification (Critical/High/Medium/Low), and tracking.
- Containment (2–24 hours) — prevent further access, isolate systems/accounts, preserve evidence, assess impact.
- Investigation & eradication — forensic analysis, root-cause identification, timeline reconstruction, threat removal, and patching.
- Recovery & post-incident — restoration from secure backups, a post-mortem within 30 days, and security improvements.
Breach notification
We notify affected educational agencies within 72 hours of confirming a security incident involving personally identifiable information or student data. Notification includes the incident description and timeline, data categories affected, number of individuals affected, and containment/preventive actions. Individuals and regulators are notified where legally required.
Backup & recovery
Daily automated backups (30-day retention), encrypted and geographically distributed; Recovery Time Objective of 4 hours for critical systems and a Recovery Point Objective of 24 hours; multi-region AWS architecture with a 99.9% uptime target.
Testing
Annual tabletop exercises validate detection, team coordination, notification, technical response, and evidence collection.
To date, Impact Suite has not experienced a confirmed security breach involving unauthorized access to, or disclosure of, student data or personally identifiable information.