Incident Response Plan
Overview
Community Questions for Confluence is operated by Firnity / Lukasz Wiatrak as a solo-operated service. This plan describes a practical incident response process for one accountable operator, with Atlassian, cloud providers, affected third-party providers, customers, or outside specialists involved when needed.
The plan applies to the Atlassian Marketplace app, Confluence Cloud integration, backend services, database, backups, telemetry, secrets, deployment pipeline, operational accounts, cloud infrastructure, and third-party services that process app data.
The goal is to contain harm quickly, understand customer and data impact, fix the root cause, verify recovery, notify required parties, and record useful follow-up.
What counts as an incident
An incident is any actual or suspected event that could affect the security, confidentiality, integrity, or availability of the app or customer data. This includes:
- Unauthorized access to the app, infrastructure, source repositories, operational accounts, or customer data.
- Customer data exposure, cross-tenant data access, data loss, or unauthorized data modification.
- Compromised secrets, signing keys, OAuth tokens, webhook secrets, API keys, or database credentials.
- Active exploitation or a serious vulnerability that cannot safely wait for normal patching.
- A third-party provider incident that affects Community Questions or customer data.
- An issue in the app that materially affects Atlassian systems, Marketplace trust, or the app's ability to protect customer data.
Response steps
- Triage and preserve evidence. Record the report source, time, affected systems, suspected customer impact, and immediate risk. Preserve relevant logs, alerts, deployment records, provider notices, and customer reports before cleanup where feasible.
- Contain the issue. Stop further harm by rotating secrets, disabling affected paths, restricting access, blocking suspicious activity, pausing unsafe integrations, or coordinating with Atlassian and providers.
- Assess impact. Determine what happened, when it started and ended, which customers or tenants may be affected, what data or credentials are involved, whether exploitation occurred, and whether the incident is still active.
- Fix, deploy, and verify. Patch code, dependencies, permissions, configuration, infrastructure, or provider settings. Deploy the fix, verify the affected path, and monitor for recurring indicators.
- Notify when required. Notify Atlassian, affected customers, providers, or other required parties when the facts, law, contract, Marketplace requirements, or incident impact require it.
- Record lessons. Keep the incident note, root cause, decisions, remediation, notification status, and follow-up tasks. Update security controls or documentation when the incident exposes a practical gap.
Notification
When an incident affects the app, customer data, Atlassian systems, or the app's ability to protect customer data, Firnity follows the current Atlassian Marketplace incident process. When Atlassian notification is required, the operator raises a P1 incident ticket within 24 hours of becoming aware of the incident and provides updates as material facts change.
Customer notices are sent when required by law, contract, Atlassian guidance, or incident impact. Notices are factual and avoid speculation. They explain what happened, the likely time period, affected data types, actions already taken, actions customers should take if any, and how to contact support.
Current Atlassian references:
- Atlassian Marketplace Security Enforcement Policy
- Atlassian App security incident management guidelines
- Atlassian Partner Security Incident Response Program
Records and review
Incident records are restricted to people or providers who need access for response, legal, privacy, or operational reasons. They contain only what is needed to understand and close the incident: timeline, detection source, affected systems and customers, evidence reviewed, containment decisions, fixes, verification, notification status, root cause, and follow-up tasks.
Secrets, private keys, access tokens, raw authorization headers, and unnecessary personal data are not stored in incident records.
This plan is reviewed after material incidents, meaningful app or infrastructure changes, and changes to Atlassian Marketplace incident guidance.
Contact
Security issues and suspected incidents can be reported to support@communityquestions.io.
Last updated: 2026-07-03