Incident Response
PPC's commitments for identifying, communicating, and resolving security incidents.
Last updated: March 2026
This page describes Pierce Power Consulting's (PPC) high-level incident response commitments as they relate to its website infrastructure and consulting engagements. It is intended to provide vendor risk reviewers and clients with a clear understanding of PPC's approach to security incidents.
Scope
This policy applies to:
- The public website (piercepowerconsulting.com) and its hosting infrastructure.
- Business systems used by PPC personnel to conduct engagements (email, file storage, communication tools).
- Any client-provided data or systems accessed during a contracted engagement.
Incident Identification
PPC monitors for potential security incidents through:
- Notifications from GitHub (the hosting platform) regarding repository or infrastructure anomalies.
- Alerts from email and business productivity platforms regarding unauthorized access or account compromise attempts.
- Reports submitted by external researchers through PPC's Responsible Disclosure process.
- Direct observation by PPC personnel during normal operations.
Response Commitments
- Containment: Upon identification of a credible security incident, PPC will take immediate steps to contain and limit the impact, including disabling affected systems or accounts as appropriate.
- Assessment: PPC will assess the scope, severity, and affected parties within 24 hours of confirming an incident.
- Client notification: If a confirmed incident involves unauthorized access to, or potential exposure of, client-provided data, PPC will notify the affected client(s) within 72 hours of confirming the incident. Notification will include a description of the incident, known impact, and steps being taken.
- Remediation: PPC will remediate confirmed vulnerabilities or exposures and implement measures to prevent recurrence.
- Post-incident review: For significant incidents, PPC will conduct a post-incident review and share a summary of findings and corrective actions with affected clients upon request.
Escalation Contact
All security incident reports and escalations should be directed to:
- Email: info@PiercePowerConsulting.com — Subject: Security Incident
- Primary contact: Colton D. Pierce, P.E. — Founder & Principal Consultant
For clients with an active engagement, the primary point of contact identified in the applicable Statement of Work or engagement agreement should be notified in parallel with the email above.
Infrastructure Incidents
Because the PPC website relies on a third-party managed hosting platform, infrastructure-level incidents (e.g., platform outages or TLS certificate issues) are subject to the hosting provider's own incident response processes. PPC will monitor hosting platform status communications and relay any relevant impact to stakeholders as appropriate.
Contact
For security-related inquiries, see our Security Overview and Responsible Disclosure pages, or email info@PiercePowerConsulting.com.