Back to Compliance Portal

Compliance document

Incident Response Plan Overview

Overview of how VerbalCheck receives, triages, remediates, and communicates security incidents.

Status

Published overview

Effective date

June 2026

Audience

Institutional buyers, IT operations, privacy officers, and security reviewers

Reporting and intake

  • Security reports should be sent to security@verbalcheck.com.
  • Reports should include reproduction steps, affected systems, impact, and suggested remediation where available.
  • VerbalCheck targets an initial response within 48 hours for vulnerability reports.

Response lifecycle

  • Triage severity, affected users, affected data, and exploitability.
  • Contain active risk by disabling access, rotating credentials, patching code, or changing configuration as needed.
  • Remediate the root cause and validate the fix before promotion.
  • Document timeline, impact, remediation, and follow-up actions.

Notification

Customer and regulatory notifications depend on the nature of the incident, applicable law, contractual terms, data affected, and institutional role. VerbalCheck should coordinate with affected institutions before issuing customer-specific statements where practical and lawful.