> ## Documentation Index
> Fetch the complete documentation index at: https://learn.nextedy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Incident Management

> How Nextedy monitors, triages, and responds to security incidents — contacts, SLAs, and escalation process.

export const LastReviewed = ({date}) => {
  if (!date) return null;
  const formatted = new Date(`${date}T00:00:00Z`).toLocaleDateString("en-US", {
    year: "numeric",
    month: "long",
    day: "numeric",
    timeZone: "UTC"
  });
  return <p className="mt-10 text-sm text-gray-400 dark:text-zinc-500 not-prose">
      Last reviewed on {formatted}
    </p>;
};

## Security Contact

Report security vulnerabilities or incidents to:

| Channel      | Details                                                           |
| ------------ | ----------------------------------------------------------------- |
| **Email**    | [security-alerts@nextedy.com](mailto:security-alerts@nextedy.com) |
| **Response** | Acknowledged within 1 business day                                |

This is a monitored Google Workspace Group with automatic forwarding to the security team's Slack channel (`#security-alerts`) for real-time notification.

## Monitoring

Nextedy maintains 24/7 monitoring for security events through:

* **Dependency vulnerability alerts** — Snyk continuously scans all third-party components and generates alerts for newly disclosed vulnerabilities.
* **Code scanning alerts** — SonarQube flags security-relevant findings in new code.
* **Incident inbox** — The `security-alerts@nextedy.com` address accepts reports from customers, partners, and automated scanning tools.

All alerts are routed to the security team via Slack integration for immediate visibility.

## Incident Response Process

### 1. Intake

When a security issue is reported or detected, the security team:

* Acknowledges receipt within 1 business day
* Assigns an incident owner
* Creates a tracking record with initial details

### 2. Triage and Severity Assessment

The incident owner assesses severity based on:

| Severity     | Criteria                                                                | Examples                                                      |
| ------------ | ----------------------------------------------------------------------- | ------------------------------------------------------------- |
| **Critical** | Active exploitation possible, affects data integrity or confidentiality | Remote code execution, authentication bypass                  |
| **High**     | Exploitable vulnerability with significant impact                       | Privilege escalation, data exposure under specific conditions |
| **Medium**   | Vulnerability with limited exploitability or impact                     | Information disclosure with low sensitivity                   |
| **Low**      | Minimal risk, defense-in-depth improvement                              | Hardening recommendation, minor configuration issue           |

### 3. Remediation

The security team develops and tests a fix. The remediation timeline depends on severity:

| Severity     | Patch SLA                          |
| ------------ | ---------------------------------- |
| Critical     | Within 5 business days             |
| High         | Within 10 business days            |
| Medium / Low | Next scheduled release (quarterly) |

### 4. Notification

* **Breach notification** — If a confirmed breach affects customer data, Nextedy notifies affected customers within 24 hours.
* **Patch notification** — Security patches are communicated through the support portal and direct customer contact.
* **Advisory publication** — For vulnerabilities affecting released versions, Nextedy publishes a security advisory with affected versions, remediation steps, and upgrade instructions.

## Evidence and Traceability

All security incidents are tracked with:

* Unique incident identifier
* Timeline of discovery, triage, and resolution
* Root cause analysis (for high and critical incidents)
* Verification that the fix resolves the issue

This record is retained for audit purposes and is available to customers under NDA upon request.

<LastReviewed date="2026-02-23" />
