This document outlines David Simpson Apps' security incident management procedures for marketplace applications.
Definitions
Security incident: Unauthorized access, acquisition, use, disclosure, modification, or destruction of end user information; compromise of app security; or issues that materially degrade monday.com systems.
End user data: Any information provided by end users, including personal data, content, code, video, images, or other materials of any type.
Incident Response Process
1. Investigation
Identify root causes, confirm potential data compromise, determine the duration of the incident, and identify affected users and any compromised information.
2. Notification to monday.com
Promptly notify monday.com at appsupport@monday.com. Your notification should address:
- Incident category and scope
- Impact on end user data
- Data types affected
- Resolution timeframe
- Containment measures taken
- Communication plans
- Root cause identification
- Remedial actions
- Contact details
3. Containment
Rapid containment is essential to prevent further impact. This may include temporary app delisting from the marketplace.
4. Remedial Measures
Take corrective action to prevent similar future incidents.
5. Customer Notification
When possible, we will notify affected customers within 72 hours of identifying an incident.
6. Post-Incident Review
Assess remaining indicators of compromise, identify process improvements, and enhance logging and preventive controls.