JobsiteOn

Incident Response Process

How JobsiteOn handles security incidents, including detection, containment, communication timelines, and post-mortem procedures.

Maya Thompson
Written by Maya ThompsonUpdated 2 days ago2 min readBeginner

What this guide covers

This guide explains how JobsiteOn detects, responds to, and communicates about security incidents. Understanding our process helps you know what to expect if an incident affects your workspace.

Incident response phases

1. Detection

Automated monitoring systems detect potential incidents through:

  • Anomaly detection on API traffic patterns.
  • Intrusion detection systems (IDS).
  • Automated vulnerability scanning.
  • Error rate and latency monitoring.
  • Customer and employee reports.

2. Triage (within 30 minutes)

The on-call security team assesses:

  • Severity -- critical, high, medium, or low.
  • Scope -- which systems and customers are affected.
  • Data impact -- whether customer data was accessed or compromised.

Screenshot: A severity classification matrix showing four levels with definitions and response time commitments.

3. Containment

Affected systems are isolated to prevent further impact. This may include:

  • Revoking compromised credentials.
  • Blocking suspicious IP addresses.
  • Isolating affected services.

4. Eradication

The root cause is identified and eliminated. Patches are applied and verified.

5. Recovery

Systems are restored and verified to be operating normally. Additional monitoring is applied to confirm the incident is fully resolved.

6. Communication

Severity Notification timeline
Critical Within 24 hours of confirmation
High Within 72 hours of confirmation
Medium In the next regular security advisory
Low No individual notification (logged only)

Animation: A timeline showing the six incident response phases from detection through communication, with time markers.

7. Post-mortem

Every incident results in a written analysis that includes:

  • What happened and when.
  • How it was detected.
  • What the impact was.
  • What actions are being taken to prevent recurrence.

Tip: Subscribe to status page updates to receive real-time notifications during active incidents. See Check Platform Status.

Note: If you believe your workspace has been affected by a security incident, contact security@jobsiteon.com immediately. Do not wait for a notification.

Did this answer your question?

Related Articles