Skip to main content
Doris maintains a documented incident response program designed for rapid detection, containment, and transparent communication.

Customer Notification

If Doris confirms a security incident that materially affects customer data, we will notify affected customers in accordance with applicable law and contractual obligations. Notification timing and detail may vary based on the facts of the incident, legal constraints, and the need to avoid interfering with containment or investigation.
  • Initial notices are intended to provide a summary of the incident and known impact at the time
  • Additional details may be provided as the investigation develops and facts are confirmed
  • We cooperate with reasonable customer compliance requests as required by law and contract

Incident Response Process

Our documented incident response plan follows industry-standard phases:
1

Detection & Triage

Security events are detected through monitoring, alerting, and anomaly review. Incidents are prioritised based on severity and business impact.
2

Containment

Immediate actions are taken to limit scope and impact, which may include session revocation, access restrictions, or network controls as appropriate.
3

Eradication

Root cause is investigated and addressed. Affected systems are remediated and hardened as needed.
4

Recovery

Services are restored in a controlled manner with additional monitoring to confirm stability.
5

Post-Incident Review

A retrospective analysis identifies lessons learned and informs follow-up improvements to controls and processes.

Security Event Logging

Doris maintains audit logging for security-relevant events, which may include:
  • Authentication events — Login attempts, session creation, and related account activity
  • Administrative actions — Sensitive configuration and permission changes
  • Privileged access anomalies — Unusual or unauthorized access attempts
  • Data access patterns — Signals used to detect anomalous behavior

Log Protection

  • Logs are stored in centralised monitoring infrastructure
  • Log access is restricted to authorized personnel and systems
  • Logging pipelines include controls intended to reduce tampering and malformed log input risks

Monitoring & Alerting

  • Centralised monitoring via commercial observability tooling
  • Alerting for security-relevant events and anomalies
  • Health checks on core production services
  • Certificate monitoring with expiry alerting where supported

Incident Response Capabilities

In the event of a security incident, Doris may take measures such as:
  • Revoke sessions or credentials to reduce account compromise risk
  • Restrict or disable affected accounts where necessary to contain impact
  • Apply network or service isolation measures to affected components
  • Increase monitoring and access controls during investigation and recovery
To report a security concern, contact security@meetdoris.com.