Version: 1.0 | Last updated: January 2026 | Owner: Security Lead

Incident Response Plan

1. Purpose

To define how Backpack Works detects, responds to, and recovers from security incidents, and how we notify affected clients.

2. Scope

Any event that compromises, or threatens to compromise, the confidentiality, integrity, or availability of company or client data or systems.

3. Severity levels

  • SEV-1 (Critical): Confirmed breach of client data or major outage. Immediate response.
  • SEV-2 (High): Likely security impact or significant degradation.
  • SEV-3 (Low): Limited or no confirmed impact; investigated during business hours.

4. Response phases

  1. Detect & report. Anyone can report a concern to security@backpack.works. Incidents are triaged and assigned a severity.
  2. Contain. Limit the scope — isolate systems, revoke credentials, block access.
  3. Eradicate. Remove the root cause.
  4. Recover. Restore systems and validate integrity.
  5. Post-incident review. Document the timeline, root cause, and corrective actions.

5. Roles

  • Incident Lead coordinates the response and decisions.
  • Communications owner manages internal and client notifications.
  • Engineering performs containment, eradication, and recovery.

6. Client notification

If an incident affects client data, we notify affected clients without undue delay, provide the information needed to meet their obligations, and cooperate with their response.

7. Review & testing

This plan is reviewed at least annually and tested through tabletop exercises.