WordPress.org
Get WordPress
WordPress.org

Make WordPress Community

Incident Response Process

Incident Response Process

In this article

↑ Back to top

Key principles

It is critical for the IRT to:

  • Handle incident reports as quickly and thoroughly as possible;
  • Keep all parties informed of the expected timeline and provide parties with regular process updates;
  • Uphold the confidentiality of all parties;
  • Maintain the incident report tracker so that it accurately reflects the current status of each IRT case.

Stage 1: Receive Reports

All reports are submitted through a dedicated channel (reports@wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/), to ensure privacy and confidentiality for the reporter. Upon receiving an incident report, the IRT aims to reply to a reporter as quickly as possible; within 3 days at most.

Stage 2: Initial Assessment

Upon receiving a report, the IRT conducts an initial assessment to determine whether the reported behavior may violate the WordPress Community Code of ConductCode of Conduct “A code of conduct is a set of rules outlining the norms, rules, and responsibilities or proper practices of an individual party.” – Wikipedia. This initial, high-level assessment is conducted via discussion in the private IRT SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel.

If the incident report is deemed to not contain a Code of Conduct violation:

  • A member of the IRT will reply to the reporter to inform them of this, with an explanation of why (for example, the reported situation may fall outside of the scope of the Code of Conduct because it didn’t occur in an official WordPress space; or the reported behavior doesn’t violate the Code of Conduct).
  • Then close the Help Scout ticket.

If the incident report may involve a Code of Conduct violation:

  • Add to Case tracker: Add this incident report as a new row in the IRT Case Tracker.
  • Form sub-team: The IRT forms a sub-team of three IRT members who are within a reasonable time zone spread of each other and the involved parties. (Note: By avoiding a wide time zone spread, the IRT is better equipped to handle reports in a timely manner).
    • Members of the sub-team are expected to have adequate time available to work on the time-sensitive incident response process.
    • Members of the sub-team should not have a direct connection to the case, and ideally do not have a direct connection to the parties involved.
  • Select a reliable form of communication: When the sub-team is formed, the three members should agree on the best way to quickly communicate with each other (examples: Slack DM, WhatsApp, email), to keep the process moving forward and avoid a lapse in communication.
  • Set sub-team expectations and desired timeline: The sub-team can discuss and define their expectations for how they will work together (communication norms, how they will collaborate to keep the process moving forward quickly), and set a shared understanding of each team member’s availability (upcoming vacations, etc). Based on this information, the sub-team can then set a timeline for the investigation process.
  • Notify parties of next steps: Upon forming, the sub-team will notify the reporter of next steps; and, with permission of the reporter, notify the reported party of the report and investigation. These communications should be sent as soon as possible, within one week of forming the sub-team at most.
  • Roles of sub-team and broader IRT: The sub-team will handle the investigation and next steps, and maintain the entry in the case tracker. The broader IRT remains available as a resource to the sub-team.

Stage 3: Investigate

If the incident report may involve a Code of Conduct violation, the IRT sub-team carries out a thorough investigation. This may involve speaking to involved parties and witnesses, and reviewing evidence. The sub-team will strive to handle incident reports as quickly and thoroughly as possible.

While the investigation is underway, the sub-team will provide regular updates to the reporter and reported parties, informing them of the current status of the investigation and next steps. These updates will be communicated every 2 weeks, to ensure clarity and continuity for the parties.

If a member of the sub-team is no longer available to work on the case, it is important that they inform the other members of the sub-team as soon a possible, and for the sub-team to find a replacement from the IRT. Otherwise, there is risk of delaying the incident response process. Similarly, if a member of the sub-team will be unavailable for a few days, it is important that they communicate this to the other members of the sub-team.

Stage 4: Decision Making

After the investigation, the team deliberates and decides on the appropriate action. This may range from a correction to more severe consequences, in accordance with the Code of Conduct Enforcement Guidelines.

When issuing a Code of Conduct response plan, the IRT uses the saved reply titled Issuing a Response Plan [Reported Party]. It is important to clearly write:

“We are issuing a [correction / warning / temporary ban / permanent ban], as described in the Community Code of Conduct Enforcement Guidelines, and request that you [insert outcome and end date, such as: step away from your organizer role for two months, ending on 14 February, 2024]. We kindly remind all parties involved that these findings and any related communications with the IRT are confidential. Sharing this information publicly or with unauthorized parties may result in further action by the IRT. We appreciate your cooperation in maintaining the integrity of this process.”

It can be helpful to include a clear and impartial description of the behavior that led to this response plan.

Please clearly state that the incident report is now closed:

“Now that the response plan has been determined and shared, we are closing this incident report.”

Remember to document the findings and response plan in the Case Tracker!

Stage 5: Feedback Loop

The IRT informs the reporting party about the outcome of the investigation and any actions taken, using the saved reply titled Issuing a Response Plan [Notify Reporter]. Remind the reported party that the findings and all IRT communications are confidential: “We kindly remind all parties involved that these findings and any related communications with the IRT are confidential. Sharing this information publicly or with unauthorized parties may result in further action by the IRT. We appreciate your cooperation in maintaining the integrity of this process.”

Members of the sub-team are responsible for updating the IRT Case Tracker to indicate that the case is closed.

First published

Last updated

WordPress.org
WordPress.org
Code is Poetry
s
search
c
compose new post
r
reply
e
edit
t
go to top
j
go to the next post or comment
k
go to the previous post or comment
o
toggle comment visibility
esc
cancel edit post or comment