Incident Response & Platform Security
Devicely maintains a formal Incident Response Plan (IRP) for our cloud platform and operations. This page summarizes how we approach incidents at a high level. Detailed internal runbooks, tooling, and timelines are not published publicly, but our program aligns with our security commitments and frameworks such as SOC 2-related expectations.
Reporting a security issue: If you believe you have found a vulnerability or security issue affecting Devicely, please contact us through the Support page so we can triage and respond appropriately. For urgent or critical incidents, use the severity options available in the contact form.
Detection & monitoring
We use layered monitoring, logging, and alerting across our platform and infrastructure. Suspected security events are triaged by our operations and security-aligned processes to determine scope and severity.
Containment, eradication & recovery
When an incident is confirmed, we follow structured response steps: limit scope where appropriate, remediate root causes, validate systems, and restore normal service. Actions are documented for post-incident review.
Data protection & access
Controls such as encryption, access management, and tenant isolation are part of our security posture. Response activities are carried out in line with our policies and applicable regulatory expectations.
Post-incident review
After significant incidents we review what happened, what we learned, and what we will improve (process, tooling, or controls). This supports continuous improvement of the platform.
Customer communication
If an incident materially affects customer data or the service, we communicate in line with our obligations, contractual terms, and our Privacy Policy and related notices. We may use email, in-product messaging, and updates on our Status page when appropriate.
What we do not publish
We do not publish full internal IR playbooks, forensic details of past incidents, or confidential third-party assessments. Enterprise customers and partners may request additional information under NDA where applicable.
Related pages