Tribe AccredAI
Tribe AccredAICompliance OS
 Back to home
Trust Center

Incident Response & Security Notification Policy

Tribe AccredAI maintains a documented process for responding to suspected security incidents that may affect institutional information.

Last Updated: May 2026

1. Identification

Suspected incidents are identified through infrastructure monitoring, internal review, customer reports, and disclosures from our subprocessors. Reports may be submitted to security@tribeaccredai.com.

2. Containment

Upon confirmation, we take immediate steps to limit the scope of the incident — revoking compromised credentials, isolating affected systems, and restricting access where appropriate.

3. Investigation

We investigate to determine the nature of the incident, the systems and data potentially affected, the time window involved, and the root cause. Evidence is preserved in support of forensic analysis and customer notification.

4. Remediation

We remediate the underlying issue, restore affected services, and apply preventative measures — including software updates, control changes, and process improvements as appropriate.

5. Customer notification

In the event of a confirmed security incident affecting institutional information, Tribe AccredAI will notify affected organizations without unreasonable delay and in accordance with applicable contractual obligations.

For confirmed unauthorized acquisition, access, use, or disclosure of education records covered by FERPA, we commit to notifying the affected institution without undue delay and in any event within seventy-two (72) hours, consistent with the FERPA Addendum to our Data Processing Agreement.

Notifications will include, to the extent then known:

  • the nature of the incident,
  • the categories of data potentially affected,
  • the likely consequences,
  • the measures taken or proposed to address the incident, and
  • a point of contact for follow-up questions.

6. Post-incident review

After resolution, we conduct an internal post-incident review to capture lessons learned and update our controls, runbooks, and training. Material outcomes that affect customers are communicated through routine trust-center updates.

Reporting a suspected incident

To report a suspected security vulnerability, unauthorized access, or incident, contact security@tribeaccredai.com. We take responsible disclosure seriously and acknowledge reports promptly.