1. Purpose
Define the process SlashLogixx follows to detect, triage, contain, eradicate, recover from, and notify customers and regulators about security incidents affecting the Spark platform or any SlashLogixx-operated product.
2. What Counts as an Incident
An incident is any confirmed or reasonably suspected event that has compromised the confidentiality, integrity, or availability of customer data, production systems, or the platform's ability to deliver service. Unverified anomalies enter triage; once triaged, they either become incidents under this policy or are closed with a written rationale.
3. Severity Classification
| Severity | Definition | Initial response | Customer notification target |
|---|---|---|---|
| SEV-1 | Confirmed unauthorized access to customer data; or complete platform outage; or active exploit. | Within 30 minutes of detection. | Within 24 hours of confirmation. |
| SEV-2 | Material risk of compromise; partial outage affecting one or more customers; suspected exploit under investigation. | Within 2 hours of detection. | Within 72 hours of confirmation, if customer-impacting. |
| SEV-3 | Internal control weakness, near-miss, or single-customer incident with no data-confidentiality impact. | Next business day. | Direct to affected customer where applicable. |
4. Lifecycle
- Detect. Monitoring, log alerts, customer reports, and external advisories feed a single intake.
- Triage. The on-call engineer classifies severity, opens an incident record, and assigns an Incident Commander.
- Contain. Stop the bleeding. Revoke credentials, isolate hosts, block traffic, disable affected features.
- Eradicate. Remove the underlying cause: patch the code, rotate the key, block the actor, remove the artifact.
- Recover. Restore service from clean state and verify with health checks before re-opening user traffic.
- Notify. Customers, regulators, and (when applicable) law enforcement are notified per Section 5.
- Post-mortem. A written post-incident review is completed within ten (10) business days. Root cause, timeline, and corrective actions are tracked to completion.
5. Customer Notification
- SlashLogixx will notify any customer whose data is reasonably believed to have been accessed, exposed, or materially impacted, no later than the targets in Section 3.
- Notifications describe what we know, what we do not yet know, what we are doing, and what action (if any) the customer should take.
- Updates are provided until the incident is closed and a post-mortem has been shared with affected customers.
6. Regulatory Notification
SlashLogixx will comply with applicable breach-notification laws, including state attorneys-general statutes in the United States, GDPR Articles 33–34 where the EU is implicated, and contractually required timelines under any signed DPA or BAA. Where regulatory and customer notification timelines conflict, the shorter timeline prevails.
7. Evidence Preservation
- Logs, memory dumps, disk images, and other forensic evidence are preserved in tamper-evident storage for at least twelve (12) months following incident closure.
- Chain of custody is maintained for any evidence that may be turned over to law enforcement or used in litigation.
8. Customer-Side Incidents (Spark Studio & OnPrem)
9. Communication Channel
To report a suspected security incident affecting SlashLogixx or any SlashLogixx-operated product, send details to security@slashlogixx.com. Reports are triaged within four (4) business hours.
10. Testing
This plan is exercised in a tabletop or technical drill at least once per calendar year. Findings are captured as corrective actions and tracked to completion.