Back to Trust Center

Incident Response Plan

Last Updated: January 9, 2026

Purpose

This plan defines how CandidateSeekers detects, responds to, and recovers from security incidents to minimize impact on our users and operations.

Roles & Responsibilities

  • Incident Commander: CTO / Lead Engineer. Responsible for coordinating the response.
  • Communications Lead: Responsible for notifying affected users and stakeholders.

Response Phases

1. Detection & Analysis

Incidents are identified through automated alerts (Vercel/Supabase monitoring), internal reports, or user reports sent to security@candidateseekers.com. The Incident Commander assesses the severity (Low, Medium, High, Critical).

2. Containment

Immediate action is taken to limit the scope of the incident. This may include:

  • Revoking compromised API keys or user sessions.
  • Blocking malicious IP addresses.
  • Taking specific services offline temporarily.

3. Eradication

The root cause is identified and removed. This includes patching vulnerabilities, removing malware, or updating misconfigured infrastructure.

4. Recovery

Systems are restored to normal operation. Systems are monitored closely to ensure the threat does not return.

5. Post-Incident Activity

A "Post-Mortem" meeting is held within 48 hours of resolution. We analyze:

  • What happened and why?
  • What went well in the response?
  • What can we improve? (Updates to code, policies, or monitoring).

Notification

In the event of a data breach affecting user data, CandidateSeekers will notify affected users within 72 hours of confirmation, complying with GDPR and applicable laws.