{"section":"tutorials","requestedLocale":"en","requestedSlug":"security-incident-response-plan","locale":"en","slug":"security-incident-response-plan","path":"docs/en/tutorials/security/information-security-compliance/security-incident-response-plan.md","branch":"main","content":"VTEX has a structured Security Incident Response Plan designed to minimize risks, mitigate impact, and ensure a swift recovery from security incidents. This plan consists of the following phases: preparation; containment, eradication, and recovery; identification; communication; and post-incident activities.\n\n![security-incident-response-plan-en](https://cdn.statically.io/gh/vtexdocs/help-center-content/refs/heads/main/docs/en/tutorials/security/information-security-compliance/security-incident-response-plan_1.png)\n\n## 1. Preparation\n\nTo prevent security incidents, VTEX takes the following measures:\n\n* Assessing environment risks.\n* Implementing security baselines and applying patch updates regularly.\n* Enforcing least privilege access controls.\n* Safeguarding perimeter security.\n* Preventing malware infections.\n* Conducting security awareness campaigns.\n\n## 2. Containment, eradication, and recovery\n\nBefore taking corrective actions, VTEX collects, preserves, protects, and documents all evidence.\n\nAll assets involved in the incident must be preserved, and no evidence can be deleted or changed without proper authorization. If the evidence contains confidential information, encryption is mandatory.\n\nAfter resolving an incident, VTEX assesses whether other environments are exposed or have already suffered the same type of attack to address the root cause. The responsible team must re-establish uncompromised safeguards.\n\n## 3. Incident identification\n\nAn anomalous event is classified as a security incident if it affects the availability, integrity, or confidentiality of information, systems, or services, or if it results from improper access or an attack.\n\nVTEX also initiates incident management proactively to prevent anomalous events from escalating and to mitigate potential impact.\n\n## 4. Communication\n\nThis procedure includes an integrated communication plan that is applied throughout all phases of the response. VTEX notifies customers who may have been affected by the incident within 24 hours of confirming the incident.\n\n## 5. Post-incident activities\n\nLessons learned and improvements from the incident response process are collected to improve security controls and to strengthen future incident management.\n\nThe objective is to analyze:\n\n* What happened and how.\n* What actions were taken.\n* Whether the response was effective.\n\n## Learn more\n\n* [Risk Assessment](/en/docs/tutorials/risk-assessment)\n* [VTEX Shared Responsibility Model](https://vtex.com/us-en/security/shared-responsibility-model/)\n* [Security Practices - VTEX](https://vtex.com/us-en/security/security-practices/)\n* [Security](https://developers.vtex.com/docs/guides/security)"}