Version: 2.1
Effective Date: September 17, 2025
Last Reviewed: November 17, 2025
Document Owner: Alex Linnik, CTO
Next Review: September 2026
1. Purpose
This Incident Response Policy establishes VirtoSoftware’s procedures for detecting, responding to, and recovering from cybersecurity incidents. The policy ensures consistent, effective incident management that protects customer data, maintains service availability, and meets regulatory requirements including GDPR.
VirtoSoftware operates a zero-access architecture where customer data remains in the customer’s Microsoft 365 tenant. This policy focuses on protecting VirtoSoftware’s infrastructure, OAuth credentials, and application code while ensuring rapid response to any security events.
2. Scope and Incident Classification
This policy applies to all security incidents affecting VirtoSoftware’s Azure infrastructure, applications, OAuth integrations, employee accounts, and development systems.
For more information