Incident response runbook
How we detect, contain, and recover from security incidents — with customer notification within 24 hours per the DPA.
What we commit to
These commitments are written into the MSA / DPA at signing — published here so prospects can verify without needing the full playbook.
- Customer notification within 24 hours of a confirmed incident (DPA Clause 9)
- P0/P1 acknowledgement within 1 hour on Enterprise tier (MSA SLA)
- Regulatory notification per GDPR 72-hour rule + DPDP Act 2023 §8(6)
- Post-incident report shared with affected customers; root cause + remediation
- Annual tabletop exercise; results summary shared on request
Full runbook available under NDA
Full runbook covers: 6-phase response framework (Detect → Triage → Contain → Eradicate → Recover → Lessons Learned), on-call rotation, severity definitions (P0–P3), war-room invocation, communication templates, regulatory notification matrix per jurisdiction, and the post-incident review template.
We previously published this runbook in full publicly. After a security review we've moved the implementation detail under NDA: a pre-prepared clickwrap NDA with a typical turnaround of 3 business days. The high-level commitments above stay public so you don't need the NDA pack just to verify the basics.
Request the full runbook
Public security artifacts (no request needed)
- Trust Center — controls, compliance status, verifiable parameters
- status.getleanos.com — real-time uptime + incident history
- Vulnerability disclosure policy — coordinated disclosure + safe harbor for researchers
- Subprocessors — every vendor that touches customer data