top of page

Breach Incident Response Plan (BIRP)


This document outlines the Breach Incident Response Plan for QuestionWell, a pioneering AI teaching tool committed to upholding the highest standards of data security and integrity. Our approach is designed to ensure quick and effective responses to any security incidents, thereby minimizing potential impacts on our customers and swiftly restoring normal operations.


This plan encompasses all components of the QuestionWell platform, including customer data, application integrity, network infrastructure, and dependencies on third-party services.


  • Rapid Detection and Assessment: Quickly identify and evaluate the extent of a security breach.

  • Containment and Mitigation: Limit the breach's spread and impact while protecting sensitive data.

  • Eradication and Recovery: Remove the threat and restore affected services to full functionality.

  • Notification and Communication: Ensure timely and transparent communication with affected stakeholders.

  • Post-Incident Analysis: Learn from the incident to prevent future breaches.

Incident Response Team (IRT)

William Cummings serves as the Incident Response Officer (IRO), responsible for all aspects of the incident response process, supported by external cybersecurity consultants and legal advisors as necessary.


  • Incident Detection and Analysis

  • Incident Containment, Eradication, and Recovery

  • Communication with Stakeholders

  • Coordination with External Experts

  • Documentation and Reporting of the Incident

Incident Response Phases

1. Preparation

Security Measures in Place

  • Data Backups: We implement both incremental and full database backups to ensure data can be restored swiftly after a breach.

  • System Monitoring: Our systems are continuously monitored for intrusion using Microsoft Defender, providing real-time alerts and threat intelligence.

  • Endpoint Security and Training: Only secure company-supplied devices are allowed to access our systems, and employees agree to a cybersecurity policy governing their use.

  • Security Tools and Practices: Regular updates and patches are applied to our systems, along with penetration testing to identify and mitigate vulnerabilities.

2. Detection and Analysis

Anomalies and potential breaches are detected using Microsoft Defender, with immediate assessment to understand the scope and impact.

3. Containment, Eradication, and Recovery

  • Immediate Actions: Disconnect affected systems to contain the breach.

  • Eradication and Recovery: Remove threats and restore systems and data from backups, ensuring a return to normal operations with minimal downtime.

4. Notification

  • Customer Communication: Affected customers are notified with details about the breach and recommended protective steps.

  • Regulatory Compliance: Breaches are reported as required by law, ensuring compliance with data protection regulations.

5. Post-Incident Analysis

A thorough review and debriefing identify improvements to security posture and response strategies, with lessons learned integrated into future planning.

Continuous Improvement

This BIRP is reviewed and updated regularly to incorporate new security technologies, address emerging threats, and reflect insights from past incidents.


QuestionWell is dedicated to maintaining transparency, agility, and resilience in cybersecurity, safeguarding our customers' data with a robust and proactive approach.

bottom of page