> ## Documentation Index
> Fetch the complete documentation index at: https://docs.medera.info/llms.txt
> Use this file to discover all available pages before exploring further.

# Incident Response

> How Medera handles security incidents

Medera's incident response process:

1. **Detect** — alerting on the WORM audit store, anomaly detection on access patterns, third-party threat intel
2. **Triage** — severity classification, scope assessment
3. **Contain** — credential revocation, traffic blocks, RLS verification
4. **Eradicate** — root cause remediation
5. **Recover** — service restoration with monitoring
6. **Notify** — breach notification within 24 hours to affected tenants, regulatory notification per HIPAA §164.408

Customer security contacts on file receive direct notification for any incident affecting their tenant.
