# SCRIMED Trust Safety Incident Report

Incident ID: trustops-attribution-packet-audit-event
Title: Attribution analytics packet needed a dedicated audit event instead of CRM-export workaround
Generated: 2026-07-16T08:51:03.896Z
Severity: moderate
Status: monitoring
Owner: Sales operations and audit persistence owner
Accountable agent: Continuous Improvement Agent
Source channel: Supabase Identity And Audit Watch
Created: 2026-06-16T09:30:00.000Z
Updated: 2026-06-16T09:30:00.000Z
Legal-hold status: not-required

## Boundary
SCRIMED Trust and Safety Operations is an operating model and product control layer for synthetic evaluations, protected pilots, and enterprise readiness. It does not create legal advice, compliance certification, 24/7 managed SOC/MDR coverage, production clinical monitoring, or authorization for live clinical execution.

## Trigger Signal
Attribution packet release was audited under a generic sales artifact event while a dedicated event type was pending migration.

## Affected Surface
- sales operations
- attribution analytics
- audit events
- enterprise proof packets

## Buyer And Company Impact
Improves evidence specificity for investor, board, and enterprise sales reviews without exposing PHI or buyer-sensitive health data.

## Containment
Add a dedicated attribution packet audit event and keep a compatibility fallback during database rollout.

## Remediation Plan
Deploy the event migration, update the packet route header, and retain fallback metadata only until the database migration is confirmed.

## Evidence Routes
- /attribution-analytics
- /sales-operations
- /api/sales-operations/opportunities/{intakeId}/attribution-analytics-packet

## Audit Events
- attribution-analytics-packet-downloaded
- crm-export-downloaded-rollout-fallback
- no-phi-boundary-confirmed

## Improvement Actions
- Promote the dedicated audit event in Supabase.
- Smoke authenticated packet release after migration.
- Remove fallback metadata once the production migration is verified.

## Severity SLA
- Response target: Next operational review cycle with assigned owner and evidence route.
- Containment target: Document workaround, add review gate, and prevent unsupported external release.
- Executive escalation: Escalate if repeated, unowned, or buyer-facing.
- Required reviewers: control owner, engineering/product owner

## Production Boundary
This audit event applies to business-contact and workflow-scope sales metadata only; no PHI, clinical records, diagnosis details, payer member identifiers, or autonomous care claims.

## Remaining Limitations
- Production managed 24/7 coverage still requires staffed on-call/SOC/MDR coverage, contracts, tabletop exercises, customer-specific runbooks, and external security review.
- Tenant TrustOps storage is designed for synthetic pilots and enterprise readiness; regulated production incidents still require customer-approved live-data boundaries, breach analysis, notification decisions, and forensic process.
- The TrustOps Supabase migration must be applied and authenticated-smoke-tested in each environment before tenant mutation routes are used with buyers.
- Clinical, legal, privacy, security, copyright, trademark, reimbursement, and advertising determinations still require qualified human reviewers.