Version: 3.0
Effective Date: February 9, 2026
Last Reviewed: February 9, 2026
Document Owner: Alex Linnik, CTO
Next Review: February 2027
1. Purpose
This Incident Response Policy establishes VirtoSoftware’s procedures for detecting, responding to, and recovering from cybersecurity incidents. The policy ensures consistent, effective incident management that protects customer data, maintains service availability, and meets regulatory requirements including GDPR.
VirtoSoftware operates a zero-access architecture where customer data remains in the customer’s Microsoft 365 tenant. This policy focuses on protecting VirtoSoftware’s infrastructure, OAuth credentials, and application code while ensuring rapid response to any security events.
2. Scope and Incident Classification
This policy applies to all security incidents affecting VirtoSoftware’s Azure infrastructure, applications, OAuth integrations, employee accounts, and development systems.
For more information