Incident response
Severity levels, response times, escalation flow, and security contact. Required for enterprise procurement.
Last updated: March 2025
Security contact
Report security incidents or responsible disclosure: support@orinel.app (or via Supportwith subject "Security – Responsible disclosure").
Severity levels
| Severity | Description | Response time (target) |
|---|---|---|
| Critical | Active breach or full service outage | 1 hour (business hours) |
| High | Significant security issue or major partial outage | 4 business hours |
| Medium | Isolated finding or limited degradation | 1 business day |
| Low | Minor issue, no or limited customer impact | 2 business days |
Escalation flow
- Detection and reporting — Support, monitoring alerts, or responsible disclosure. All logged and triaged.
- Triage — Severity assigned; Critical/High get owner and immediate escalation to incident lead.
- Containment — Limit impact; preserve evidence where relevant.
- Remediation — Root cause fixed and deployed.
- Recovery — Service restored; data integrity confirmed.
- Post-incident — Post-mortem; customer communication when required; follow-up tracked.