Incident Management and Response Policy

Effective Date: February 2026

HE365 maintains a formal Incident Management and Response Policy to ensure the timely detection, containment, and resolution of security events affecting the platform or its integrations, including those connected to third-party marketplaces such as Zoom.

1. Incident Detection

HE365 employs continuous monitoring, automated alerting, and anomaly detection systems to identify potential security incidents in real time. Sources include:

  • Infrastructure and application monitoring systems
  • Intrusion detection and prevention systems (IDS/IPS)
  • User-reported issues and internal audits

2. Containment

Upon confirmation of an incident, immediate containment measures are enacted to limit the scope and impact. This may include:

  • Isolation of affected systems or services
  • Revocation of compromised credentials or tokens
  • Temporary suspension of impacted integrations

3. Root Cause Analysis and Elimination

A structured root cause analysis is performed following containment. Corrective actions are implemented to eliminate the vulnerability or failure point, and preventive controls are updated to reduce the likelihood of recurrence.

4. Notification

HE365 is committed to transparent communication in the event of a confirmed security breach:

  • 72-hour notification — Affected users and relevant authorities will be notified within 72 hours of incident confirmation, in compliance with applicable regulations
  • Third-party notification — Relevant third-party platforms (e.g., Zoom) will be notified promptly if an incident involves data or services connected to their marketplace

5. Post-Incident Review

Following resolution, a post-incident review is conducted to:

  • Document lessons learned
  • Update response playbooks and procedures
  • Strengthen security controls based on findings

6. Governance

Incident response processes are reviewed and tested periodically to ensure readiness. The policy aligns with:

  • SOC 2 Type II incident management requirements
  • ISO/IEC 27001 Annex A controls
  • Applicable breach notification regulations

Contact

To report a security incident or for questions regarding this policy:

Hybrid Event 365, Inc.
Email: [email protected]
Website: www.hybridevent365.com