Skip to main content

Incident Response

Junipa maintains an Incident Response Plan and a Data Breach Response Plan. This page summarises how we handle security incidents.

Incident Classification

SeverityDescriptionResponse time
CriticalActive data breach or total service outageWithin 1 hour
HighPotential data exposure or partial outageWithin 4 hours
MediumContained security event, no data exposureWithin 24 hours
LowMinor event, no impactWithin 72 hours

Detection

Junipa monitors for security incidents through:

  • GCP Cloud Monitoring (uptime, error rates, anomalies)
  • Firebase Authentication anomaly detection
  • Cloudflare WAF alerts
  • Firestore audit logs
  • User reports via info@junipa.com.au
  • Dependency vulnerability alerts

Response Process

  1. Detect -- Identify and log the incident
  2. Contain -- Isolate affected systems, preserve evidence
  3. Investigate -- Determine root cause, scope, and data impact
  4. Notify -- Inform affected schools within 24 hours of confirming a data breach
  5. Remediate -- Fix the vulnerability, deploy patches, verify
  6. Review -- Post-incident review within 7 days, update controls

School Notification

If a data breach involves personal information:

  • Affected schools are notified by email within 24 hours
  • The notification includes what happened, what data was affected, and what actions are being taken
  • Ongoing updates are provided until the incident is fully resolved

Regulatory Notification

If a breach meets the threshold for an eligible data breach under the Notifiable Data Breaches (NDB) scheme:

  • The Office of the Australian Information Commissioner (OAIC) is notified within 30 days
  • Affected individuals are notified (via schools, as data controllers)

Insurance

Junipa holds Professional Indemnity ($5M) and Broadform Liability ($20M) insurance through CGU (Insurance Australia Limited), providing breach response support including legal and forensics.

Reporting a Concern

If you suspect a security issue or data breach, contact us immediately:

Email: privacy@vastpuddle.com.au

General support: info@junipa.com.au