
Incident Response Procedures

Document ID: PLCY-INC-001
Effective Date: December 22, 2025
Last Review: December 22, 2025
Owner: Hop And Haul Team


CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document defines the incident response procedures for Hop And Haul, covering operational incidents, safety events, security breaches, and regulatory issues to ensure timely detection, response, and resolution.


2. Incident Categories

2.1 Operational Incidents

| Incident Type | Severity | Response Time |
|---|---|---|
| Route deviation (minor) | Low | 30 minutes |
| Route deviation (major) | Medium | 15 minutes |
| Unplanned stop (short) | Low | 30 minutes |
| Unplanned stop (extended) | Medium | 15 minutes |
| Ride cancellation mid-trip | Medium | Immediate |
| Driver unresponsive | High | Immediate |
| Vehicle breakdown during ride | High | Immediate |

2.2 Safety Incidents

| Incident Type | Severity | Response Time |
|---|---|---|
| HOS violation during ride | High | Immediate |
| Vehicle safety alert | High | Immediate |
| Accident/collision | Critical | Immediate |
| Driver incapacitation | Critical | Immediate |
| Passenger injury | Critical | Immediate |
| Aggressive driving report | Medium | 15 minutes |

2.3 Security Incidents

| Incident Type | Severity | Response Time |
|---|---|---|
| Unauthorized access attempt | High | 15 minutes |
| Data breach (suspected) | Critical | Immediate |
| Data breach (confirmed) | Critical | Immediate |
| Account compromise | High | 15 minutes |
| System intrusion | Critical | Immediate |
| Insider threat | Critical | Immediate |
| API abuse | Medium | 1 hour |

2.4 Compliance Incidents

| Incident Type | Severity | Response Time |
|---|---|---|
| DOT inquiry received | High | Same business day |
| Insurance coverage gap discovered | High | 4 hours |
| Audit finding (critical) | High | 24 hours |
| Audit finding (non-critical) | Medium | 5 business days |
| Privacy complaint | Medium | 24 hours |
| Data retention violation | Medium | 24 hours |

3. Incident Response Team

3.1 Team Structure

| Role | Responsibility | Contact Method |
|---|---|---|
| Incident Commander | Overall response coordination | PagerDuty escalation, incident-commander@fleetlink.example.com |
| Operations Lead | Operational incident handling | PagerDuty escalation, ops-lead@fleetlink.example.com |
| Safety Lead | Safety incident handling | PagerDuty escalation, safety@fleetlink.example.com |
| Security Lead | Security incident handling | PagerDuty escalation, security@fleetlink.example.com |
| Legal/Compliance | Regulatory incident handling | Direct phone, legal@fleetlink.example.com |
| Communications | Internal/external communications | Direct phone, comms@fleetlink.example.com |
| Technical Lead | System investigation/remediation | PagerDuty escalation, tech-lead@fleetlink.example.com |

3.2 Escalation Path

Level 1: On-call Operations
    ↓ (if unresolved in 15 min or High severity)
Level 2: Department Lead
    ↓ (if unresolved in 30 min or Critical severity)
Level 3: Incident Commander
    ↓ (if Critical or regulatory implications)
Level 4: Executive Leadership

4. Detection & Alerting

4.1 Automated Detection

| Monitoring Source | Detected Incidents |
|---|---|
| GPS tracking | Route deviations, unplanned stops |
| ELD integration | HOS violations |
| Samsara alerts | Vehicle safety issues |
| Application monitoring | System errors, API issues |
| Security monitoring | Access anomalies, intrusion attempts |
| Log analysis | Pattern-based threat detection |

4.2 Manual Reporting

| Reporter | Reporting Method |
|---|---|
| Drivers | In-app incident report |
| Operations | Dashboard alert creation |
| External parties | Support contact |
| Regulators | Formal notification |

4.3 Alert Routing

| Severity | Notification Method |
|---|---|
| Critical | Phone call + SMS + Email + App alert |
| High | SMS + Email + App alert |
| Medium | Email + App alert |
| Low | App alert + Dashboard |

5. Response Procedures

5.1 Immediate Response (All Incidents)

| Step | Action | Timeline |
|---|---|---|
| 1 | Acknowledge incident | Within alert SLA |
| 2 | Assess severity and impact | 5 minutes |
| 3 | Escalate if necessary | Per escalation path |
| 4 | Begin containment | Immediate |
| 5 | Document initial findings | Concurrent |

5.2 Route Deviation Response

| Step | Action | Owner |
|---|---|---|
| 1 | System detects deviation | Automated |
| 2 | Alert sent to Operations | Automated |
| 3 | Contact driver for status | Operations |
| 4 | Assess reason (traffic, emergency, etc.) | Operations |
| 5 | If unexplained, escalate to Safety | Operations |
| 6 | Document incident and resolution | Operations |

5.3 HOS Violation Response

| Step | Action | Owner |
|---|---|---|
| 1 | ELD integration detects violation | Automated |
| 2 | Immediate alert to Operations + Safety | Automated |
| 3 | Contact driver with stop directive | Safety |
| 4 | Arrange alternative transport for passenger | Operations |
| 5 | Document violation per DOT requirements | Safety |
| 6 | Post-incident review | Safety |

5.4 Insurance Coverage Gap Response

| Step | Action | Owner |
|---|---|---|
| 1 | Gap detected during validation | Automated |
| 2 | Affected matches blocked | Automated |
| 3 | Operations notified | Automated |
| 4 | Insurance team contacted | Operations |
| 5 | Coverage restored and verified | Insurance |
| 6 | Matching re-enabled | Operations |

5.5 Unauthorized Access Response

| Step | Action | Owner |
|---|---|---|
| 1 | Anomaly detected in access logs | Automated |
| 2 | Security team alerted | Automated |
| 3 | Suspicious session terminated | Security |
| 4 | Account suspended pending review | Security |
| 5 | Forensic analysis initiated | Security |
| 6 | User contacted (if legitimate) | Security |
| 7 | Access restored or permanently revoked | Security |

5.6 Data Breach Response

| Step | Action | Owner | Timeline |
|---|---|---|---|
| 1 | Breach detected or reported | Various | T+0 |
| 2 | Incident Commander activated | Security | T+15 min |
| 3 | Containment measures implemented | Technical | T+30 min |
| 4 | Scope and impact assessed | Security | T+2 hours |
| 5 | Legal/Compliance notified | Commander | T+2 hours |
| 6 | Notification requirements determined | Legal | T+4 hours |
| 7 | Affected parties notified | Communications | Per law |
| 8 | Regulatory notifications filed | Legal | Per law |
| 9 | Root cause analysis | Technical | T+48 hours |
| 10 | Remediation implemented | Technical | As identified |
| 11 | Post-incident review | Commander | T+7 days |

6. Containment Strategies

6.1 Operational Containment

| Incident | Containment Action |
|---|---|
| Route deviation | Contact driver, monitor closely |
| HOS violation | Direct driver to stop, arrange replacement |
| Vehicle issue | Direct to safe location, dispatch assistance |
| Driver unresponsive | Escalate to Safety, contact emergency services |

6.2 Security Containment

| Incident | Containment Action |
|---|---|
| Account compromise | Suspend account, revoke sessions |
| API abuse | Rate limit or block source |
| Data exposure | Revoke access tokens, rotate keys |
| System intrusion | Isolate affected systems |

7. Documentation Requirements

7.1 Incident Record Fields

| Field | Required |
|---|---|
| Incident ID | Yes |
| Detection timestamp | Yes |
| Detection method | Yes |
| Category and type | Yes |
| Severity level | Yes |
| Affected parties | Yes |
| Description | Yes |
| Timeline of events | Yes |
| Containment actions | Yes |
| Resolution actions | Yes |
| Root cause | Yes |
| Lessons learned | Yes |
| Follow-up actions | Yes |

7.2 Retention

See PLCY-RET-001 Records Retention Policy for authoritative retention schedule.

Summary of applicable retention periods:

| Record Type | Retention |
|---|---|
| Incident records | 36 months |
| Supporting evidence | 36 months |
| Communications | 36 months |
| Post-incident reports | 36 months |

Refer to PLCY-RET-001 for legal hold procedures and destruction requirements.


8. Post-Incident Activities

8.1 Root Cause Analysis

| Step | Action | Timeline |
|---|---|---|
| 1 | Collect all evidence | Within 24 hours |
| 2 | Interview involved parties | Within 48 hours |
| 3 | Analyze timeline and contributing factors | Within 72 hours |
| 4 | Identify root cause(s) | Within 5 days |
| 5 | Document findings | Within 7 days |

8.2 Remediation Planning

| Priority | Remediation Timeline |
|---|---|
| Critical gaps | Immediate (before closure) |
| High-risk improvements | 30 days |
| Medium improvements | 90 days |
| Low-priority enhancements | Next planning cycle |

8.3 Lessons Learned

After each significant incident:

  • Conduct post-mortem meeting
  • Document what worked well
  • Document what needs improvement
  • Update procedures as needed
  • Share learnings with relevant teams

9. Regulatory Reporting

9.1 DOT/FMCSA Notifications

| Event | Reporting Requirement |
|---|---|
| Accident with injury | Report per FMCSR regulations |
| HOS violation pattern | Internal documentation, inspection readiness |
| Vehicle safety issue | Documentation per FMCSR |

9.2 Data Breach Notifications

| Jurisdiction | Notification Timeline |
|---|---|
| California (CCPA) | "Expedient" - typically 72 hours |
| Other states | Varies - typically 30-60 days |
| Federal | Per applicable regulation |

10. Testing & Training

10.1 Tabletop Exercises

| Exercise Type | Frequency |
|---|---|
| Operational incident | Quarterly |
| Security breach | Semi-annually |
| Regulatory scenario | Annually |

10.2 Training Requirements

| Role | Training Frequency |
|---|---|
| Incident Response Team | Quarterly |
| Operations staff | Semi-annually |
| All employees | Annually (awareness) |

11. Document Control

| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | [DATE] | [NAME] | Initial release |

CONFIDENTIAL - Internal Use Only - Hop And Haul Policy Documentation