Outschool has a standard process for responding to potential security threats. When a customer, team member or any one else reports an incident, Outschool will notify the relevant teams and begin investigation.
If Outschool believes that an unauthorized third party has compromised or gained access to a customer’s personal information, we take the following steps:
Verify the attacker is out of the systems and can no longer do substantial harm.
Identify any affected customers and data. Inform the impacted customers as quickly as possible.
Identify the root cause of the breach, and prevent future occurrences.
If the breach is material and impacts many customers, coordinate with external legal and security resources to respond appropriately.
When communicating with impacted customers, we will include the following information:
How the information was accessed (read-only, edit, etc)
The actual information the third party gained access to
How we’ve stopped the immediate access issue
What changes we will take to prevent this from happening in the future
If you have any questions, please email firstname.lastname@example.org.