Incident Response Overview

Operational incident handling, severity, communication, and review practices for TrustRFP AI.

Severity levels

Incidents are triaged by customer impact, security risk, data exposure risk, service availability, and marketplace or billing impact.

  • Severity 1 covers production unavailability, confirmed security incidents, or severe data exposure risk.
  • Severity 2 covers major workflow degradation, marketplace activation blockage, or significant integration failure.
  • Severity 3 and 4 cover non-blocking product issues, configuration questions, documentation requests, and feature feedback.

Response workflow

The response process includes detection, triage, containment, customer communication, remediation, monitoring, and post-incident review. Security reports should be sent to [email protected].

Customer communication

Material incidents are communicated through the configured support path, status page updates, or contractual notification channel based on severity, impact, and customer agreement.