Incident response
BKB Voice maintains a documented incident response plan covering detection, classification, containment, notification and post-incident review. The plan is tested at least annually and revisited after every SEV-1 or SEV-2 event.
Last reviewed: April 22, 2026
Phases
Detection
Events from the audit log, application error stream and vendor security notifications are reviewed on the on-call rotation and during business hours by the security team. Anomalous rate-limit denials, validation failures and authentication errors are triaged as early-warning signals.
Triage & classification
Suspected incidents are classified against a four-level severity scale (SEV-1 critical → SEV-4 informational). SEV-1 and SEV-2 incidents trigger the incident commander rotation within fifteen (15) minutes.
Containment
The incident commander coordinates scoping and containment: revoking credentials, isolating affected components, blocking malicious traffic, rotating secrets and disabling compromised integrations as required.
Eradication & recovery
The root cause is identified, the vulnerability removed, affected systems restored from a known-good state, and elevated monitoring kept in place for a minimum of seventy-two (72) hours after recovery.
Notification
Customers whose data is confirmed affected are notified without undue delay and within seventy-two (72) hours of confirmation, via their designated contact. Regulatory notification (e.g. GDPR Art. 33) is handled by the Privacy Officer.
Post-incident review
A blameless post-mortem is produced within ten (10) business days. Findings, remediation tasks and owners are recorded in the SecurityIncident register and tracked to closure.
Severity scale
| Severity | Example | Response |
|---|---|---|
| SEV-1 · Critical | Confirmed exposure of customer PII; public breach; availability < 50%. | IC paged within 15 min; exec notified; customer comms in parallel. |
| SEV-2 · High | Partial availability impact; suspected PII exposure under investigation. | IC paged; status page updated; customer comms when confirmed. |
| SEV-3 · Medium | Isolated functional bug; latency elevated; auth flow degraded for a subset. | Addressed in business hours; status page if customer-visible. |
| SEV-4 · Low / informational | Single error, transient spike, resolved automatically. | Logged and reviewed during next risk review. |
Reach us
- Security: [email protected]
- Privacy: [email protected]
- Trust & compliance: [email protected]