Any employee or contractor who discovers any event of a questionable, fraudulent, or illegal nature should:
These reports should be made without fear of retaliation.
The incident response team will evaluate the incident and determine whether to notify the client. Situations that require escalation to the client include:
When an incident has occurred, Nested Knowledge will notify the client or customer within 2 hours for High-Severity incidents and within 40 minutes for Critical incidents.
Incident categorization is described in our Incident Response Policy.
Our Incident Response Team, consisting of the CEO, CTO, and COO, will notify the appropriate client or customer agency via email.
All investigators and leads on the Incident Response Team will be required to review this policy. This policy will be updated on an annual basis. Employees who deliberately violate this policy will be subject to disciplinary action up to and including termination.
Author | Date of Revision/Review | Comments/Description |
---|---|---|
K. Cowie | 01/25/2023 | Added changes to cloud environment as incident requiring escalation |
K. Kallmes | 1/29/2023 | Approved |