Clicki Referrals Trust Center

Clicki Incident Response Plan

Purpose

This Incident Response Plan defines how Clicki Referrals detects, responds to, contains, and recovers from security incidents and data-related events. The objective is to minimize impact, protect customer data, restore services quickly, and ensure appropriate communication and documentation.

Scope

This plan applies to all Clicki systems, infrastructure, applications, data stores, logs, third-party services, and personnel involved in operating or supporting the platform.

Definition of an Incident

A security incident is any event that may compromise the confidentiality, integrity, or availability of Clicki systems or data.

Examples include:

  • Unauthorized access to systems or data

  • Exposure or leakage of personal or customer data (PII)

  • Compromised credentials, API keys, or tokens

  • Suspicious activity or abnormal system behavior

  • Service outages or degradation impacting customers

  • Third-party provider security events affecting Clicki data

Incident Severity Levels

Severity 1 (Critical)

  • Confirmed data breach or PII exposure

  • Active unauthorized access to production systems

  • Major service outage affecting multiple customers

Severity 2 (High)

  • Suspected data exposure

  • Compromised credentials or systems with limited scope

  • Significant service degradation

Severity 3 (Medium)

  • Isolated system issues or minor security concerns

  • Non-critical service disruptions

Severity 4 (Low)

  • Informational events or low-risk anomalies

Roles and Responsibilities

Incident Lead

  • Coordinates response activities

  • Makes decisions on containment and escalation

  • Ensures documentation is completed

Engineering / Technical Team

  • Investigates root cause

  • Implements containment and remediation actions

  • Restores system functionality

Operations / Support

  • Communicates with affected customers as directed

  • Assists with identifying impact scope

Management

  • Approves external communications

  • Handles legal, contractual, or regulatory considerations

Incident Response Process

1. Detection and Reporting

Incidents may be detected through monitoring, alerts, logs, customer reports, or third-party notifications.

All personnel must report suspected incidents immediately through designated communication channels.

2. Triage and Classification

  • Assess the nature and scope of the incident

  • Assign severity level

  • Identify affected systems, data, and customers

3. Containment

Take immediate steps to limit impact:

  • Revoke or rotate compromised credentials

  • Restrict or disable access to affected systems

  • Isolate impacted services or infrastructure

  • Block malicious traffic or actors

4. Investigation

  • Analyze logs, metrics, and system behavior

  • Determine root cause and attack vector

  • Identify data accessed, modified, or exposed

  • Document timeline of events

5. Eradication and Remediation

  • Remove vulnerabilities or malicious artifacts

  • Apply patches or configuration changes

  • Strengthen controls to prevent recurrence

6. Recovery

  • Restore systems to normal operation

  • Validate system integrity and performance

  • Monitor for recurrence or abnormal activity

7. Communication

Internal communication:

  • Keep relevant stakeholders informed during the incident

External communication:

  • Notify affected customers when appropriate

  • Provide clear, accurate, and timely updates

  • Comply with contractual or legal notification requirements

8. Post-Incident Review

  • Conduct a post-mortem analysis

  • Identify root cause and contributing factors

  • Document lessons learned

  • Define and track corrective actions

Evidence and Logging

  • Preserve relevant logs and system data for investigation

  • Avoid altering or deleting evidence during an active incident

  • Maintain an audit trail of actions taken during response

Third-Party Incidents

If an incident originates from or involves a third-party provider:

  • Engage the provider immediately

  • Assess impact to Clicki systems and data

  • Coordinate response and communication as needed

Data Breach Considerations

For incidents involving potential exposure of personal or customer data:

  • Determine type and volume of data affected

  • Identify impacted customers or users

  • Evaluate notification obligations

  • Coordinate with legal or advisory resources if necessary

Testing and Training

  • Periodically review and update this plan

  • Conduct tabletop exercises or simulated incidents when feasible

  • Ensure personnel understand their roles and responsibilities

Enforcement

Failure to follow this plan may result in delays in response, increased impact, and potential disciplinary action.

Ownership and Review

This plan is owned by Clicki management and/or the designated security owner. It must be reviewed at least annually or after any major incident.