Nested Knowledge

Bringing Systematic Review to Life

User Tools

Site Tools


wiki:policies:escalation

This is an old revision of the document!


Escalation to Client or Customer

Any employee or contractor who discovers any event of a questionable, fraudulent, or illegal nature should:

  1. Report the situation via Slack or email to our Incident Response Team, which is defined in the Incident Response Policy.
  2. Fill out the incident report form.

These reports should be made without fear of retaliation.

The incident response team will evaluate the incident and determine whether to notify the client. Situations that require escalation to the client include:

  • System intrusion - software exploit, SQL injection, XSS, use of stolen credentials.
  • Malware - ransomware, worm, spyware, rootkits, etc.
  • Information gathering - reconnaissance activities, network scanning or sniffing.
  • Social engineering - phishing, bribes and other (physical) threats
  • Fraud or theft
  • Unauthorized use of system privileges
  • Information breach
  • Privacy requests or complaints
  • Changes made to the cloud environment that may impact delivery of services
  • Other incidents categorized as high or critical in severity

Timeline

When an incident has occurred, Nested Knowledge will notify the client or customer withing 5 days for low-medium security incidents, within 2 hours for High-Severity incidents, and within 40 minutes for Critical incidents.

Incident categorization is described in our Incident Response Policy.

Roles

Our Incident Response Team, consisting of the CEO, CTO, and COO, will notify the appropriate client or customer agency via email.

Communication and Compliance

All investigators and leads on the Incident Response Team will be required to review this policy. This policy will be updated on an annual basis. Employees who deliberately violate this policy will be subject to disciplinary action up to and including termination.

Revision History

AuthorDate of Revision/ReviewComments/Description
K. Cowie01/25/2023Added changes to cloud environment as incident requiring escalation
K. Kallmes1/29/2023Approved

Return to Policies

wiki/policies/escalation.1712091700.txt.gz · Last modified: 2024/04/02 21:01 by katcow