We use cookies on this website to give you the best experience. To find out more, read our Privacy Policy.

Professional SolutionsMap

Incident Response Procedure

Incident Response Procedure

AirGradient maintains an incident response process so that potential incidents are handled consistently and appropriately.

The process is designed to:

  • Identify and triage suspected incidents.
  • Protect customer, user, monitor, support, and operational data.
  • Contain and investigate security or privacy issues.
  • Restore affected systems or data where needed.
  • Communicate with customers, users, regulators, or partners where legally or contractually required.
  • Record lessons learned and improve controls after significant incidents.

Incident Types

AirGradient's incident response process may apply to:

  • Unauthorized access to systems or data.
  • Exposed credentials, API keys, secrets, or tokens.
  • Malware, vulnerability exploitation, or suspicious infrastructure activity.
  • Accidental disclosure of private customer, user, support, or monitor data.
  • Incorrect publication of private or inaccurate public monitor data.
  • Loss, corruption, or accidental deletion of important data.
  • Major service outage or significant service degradation.
  • Vendor or subprocessor incident affecting AirGradient services.

Roles and Ownership

For a significant incident, AirGradient assigns appropriate owners for coordination, technical investigation, communications, privacy or legal assessment, and recovery.

Depending on the incident, the response may involve engineering, infrastructure, support, product, privacy, leadership, or vendor contacts.

Incident Intake and Triage

Potential incidents may be identified through monitoring, staff reports, customer reports, support requests, vulnerability disclosures, vendor notices, application errors, logs, or public data quality checks.

Initial triage considers:

  • What happened?
  • Which systems, customers, users, or data may be affected?
  • Whether the issue is ongoing?
  • Whether data confidentiality, integrity, or availability is affected?
  • Whether public data feeds, APIs, dashboards, or customer deployments need temporary restrictions?
  • Whether legal, contractual, customer, or regulator notification may be required?

Response Process

AirGradient's general incident response process is:

  1. Receive and record the potential incident.
  2. Assign an incident owner.
  3. Triage severity and affected scope.
  4. Contain the issue where possible.
  5. Preserve relevant evidence where needed.
  6. Investigate root cause and impact.
  7. Eradicate the issue, such as by patching, disabling access, correcting data, or rotating credentials.
  8. Recover affected systems or data.
  9. Communicate with affected customers, users, regulators, vendors, or partners where required.
  10. Document the outcome and improvement actions.

The exact steps depend on the incident type, severity, customer agreement, legal requirements, and operational risk.

Containment and Recovery

Containment actions may include:

  • Disabling or restricting affected accounts, credentials, API keys, or tokens.
  • Blocking suspicious traffic or access paths.
  • Pausing affected jobs, integrations, public feeds, or exports.
  • Taking affected systems offline where needed.
  • Applying patches or configuration changes.
  • Restoring data from backup or known-good sources.
  • Correcting public data or removing incorrect data from AirGradient-controlled channels.

For incidents involving public data, AirGradient prioritizes preventing further incorrect or unauthorized publication. Data already downloaded, cached, republished, or redistributed by third parties may not be fully recoverable by AirGradient.

Where AirGradient acts as processor for a customer, AirGradient notifies the customer as required by the relevant agreement so the customer can make controller decisions.

Communications

AirGradient communicates about incidents where appropriate and required.

Communications may include:

  • Internal updates to response teams and leadership.
  • Customer notices for affected professional deployments.
  • User notices where user data or account security is affected.
  • Vendor or subprocessor coordination.
  • Regulator notices where legally required.
  • Public status or service updates for significant availability or data integrity incidents.

Incident communications aim to be accurate, timely, and proportionate. Early notices may be updated as investigation facts become clearer.

AirGradient also maintains a public server status page for service availability information:

AirGradient Server Status

Post-Incident Review

After significant incidents, AirGradient reviews what happened and identifies improvement actions.

The review may include:

  • Root cause.
  • Timeline.
  • Data and systems affected.
  • Containment and recovery actions.
  • Communication handling.
  • Security, privacy, monitoring, backup, process, or documentation improvements.
  • Follow-up owners and target dates.

Contact

Security, privacy, incident, or reliability questions can be sent to support@airgradient.com.

Your are being redirected to AirGradient Dashboard...