# Incident Response Plan ## P0 - cross-school data leak - unauthorized payment file access - incorrect payment balances at scale - bulk communication sent to wrong audience - sensitive report export leak - scanner outage during active session - student data corruption ## P1 - module unavailable - report incorrect for subset - payment edit failure - attendance duplicate spike - communication provider failure - Islamic extension profile unavailable ## Response Steps 1. Disable feature flag if applicable. 2. Stop affected queues/jobs. 3. Preserve logs and audit evidence. 4. Notify owner/security/support. 5. Run reconciliation. 6. Apply rollback or forward fix. 7. Document root cause. 8. Add regression test.