Purpose #
This article explains how Shopstars manages incidents such as breaches, outages, or compromised accounts. It covers how incidents are detected, how responses are prioritized, what recovery steps are taken, and how accountability is documented. Clients should use this as the reference for understanding what to expect if a security or availability issue arises.
Why Incident Response Matters #
Even with strict security practices, no system is immune to incidents. A payment gateway outage, compromised staff account, or DNS misconfiguration can disrupt operations. A structured response process minimizes downtime, protects sensitive data, and restores client confidence.
Incident Classification #
Critical Incidents
- Storefront outage (customers cannot access the store)
- Checkout failure or payment processor outage
- Security breach exposing customer or payment data
- DNS hijack or SSL failure
High-Priority Incidents
- Malicious app behavior or injected code
- Pixel or analytics disruption affecting attribution
- Elevated fraud levels or repeated suspicious orders
Standard Incidents
- Broken layouts caused by recent code changes
- Isolated app errors not affecting checkout
- Partial service degradation with workarounds available
Detection and Monitoring #
- Shopify activity logs are monitored for unusual behavior.
- Client-reported issues in Basecamp or Slack are logged immediately.
- Third-party monitoring tools may detect DNS failures, SSL errors, or pixel drop-offs.
- Security scans and quarterly audits identify vulnerabilities before they escalate.
Response Workflow #
1. Containment
- Access credentials are revoked for any compromised accounts.
- Malicious code or apps are disabled.
- Affected services are isolated to prevent further damage.
2. Communication
- Clients are notified in Basecamp immediately when an incident is confirmed.
- For critical incidents, updates are provided every few hours until resolution.
- Documentation includes what was detected, potential impact, and current status.
3. Resolution
- Developers, strategists, and support staff collaborate to fix the root cause.
- Shopify Support and third-party providers (apps, hosting, payment gateways) are engaged as needed.
- Testing is performed in staging before re-deploying fixes to production, unless urgent hotfixes are required.
4. Recovery
- Normal operations are restored.
- QA confirms that checkout, analytics, and integrations function correctly.
- DNS, SSL, or app functionality is validated across multiple devices.
5. Post-Incident Review
- A written summary is posted in Basecamp within 72 hours.
- The review includes root cause, timeline of events, corrective actions, and preventative measures.
- Recommendations for client-side changes (e.g., enabling 2FA, updating privacy policy) are included.
Recovery Standards #
- Critical incidents: Containment begins within 1–2 hours of detection during business hours.
- High-priority incidents: Investigated within one business day.
- Standard incidents: Scheduled for the next sprint or retainer cycle.
Client Responsibilities #
Clients must:
- Report incidents immediately in Basecamp with as much detail as possible.
- Avoid making emergency changes to code, DNS, or apps without coordination.
- Follow recommendations from Shopstars on preventative actions (e.g., credential rotation, 2FA).
- Notify Shopstars of any parallel communication with Shopify or third-party providers.
Summary #
Incident response and recovery at Shopstars is structured around detection, containment, communication, resolution, and post-incident review. Critical issues are prioritized immediately, and all incidents are documented transparently in Basecamp. Clients are expected to report issues promptly and follow preventative best practices. This process ensures that disruptions are minimized, root causes are identified, and future incidents are prevented.
