Incident response
NEXT AI maintains a documented, tested incident response plan with 24×7×365 on-call engineering. Security signals (e.g., GuardDuty findings, WAF detections, brute-force indicators) are triaged and escalated by severity, with clear roles, containment/remediation, and post-incident reviews.
What does the incident response plan cover?
- Escalation procedures and notification paths
- Incident severity identification and classification
- Roles, responsibilities, and communication strategies (internal & external)
- Containment and remediation steps
- Post-incident retrospective for root-cause analysis and improvements
Lifecycle (aligned to standards)
Our process follows recognized guidance: Detect → Respond → Recover, supported by broader Govern/Identify/Protect activities (per NIST SP 800-61 Rev.3).
Monitoring & 24×7 escalation
Continuous logging and alerting auto-escalate issues, and 24×7×365 on-call engineering engages based on severity. Typical triggers include severe vulnerabilities, researcher disclosures, intrusion detections, elevated errors/operational anomalies, and breach disclosures.
Timelines (SLA) — how fast we respond
For customers with Premium Support, NEXT AI commits to the following initial response and status-update targets (business hours: Mon 05:00–Sat 05:00 UTC). Security incidents will still engage 24×7 on-call per this plan; the table below reflects formal support SLAs.
| Priority | Description (summary) | Initial response | Status updates |
| --- | --- | --- | --- |
| Urgent | Service inoperative / complete failure (platform downtime) | 2 hours | Hourly |
| High | Core functionality inoperative, no workaround | 4 Business Hours | Every 24 Business Hours |
| Medium | Functionality impaired, workaround available | 24 Business Hours | N/A |
| Low | Low-impact issues / questions | 48 Business Hours | N/A |
System uptime and availability
NEXT targets 99.5% monthly uptime with service credits if not met; see the Service Level Agreement and public Status page for availability communications.
Communications (customers & regulators)
Customer communications follow the plan’s severity thresholds. Where GDPR applies, NEXT AI acts as a processor and notifies affected customers/controllers without undue delay so they can assess and meet any supervisory-authority or data-subject notification duties under Articles 33 and 34. NEXT AI supports controllers’ assessments and notifications as provided by contract and law.
Evidence preservation, forensics, and legal requests
- Evidence preservation: Relevant logs, audit records, and case artifacts are preserved to support investigation, remediation, and audit follow-up.
- Chain of custody: Incident records capture who collected evidence, when it was collected, where it was stored, and any transfer or access to preserve traceability.
- Forensic support: NEXT AI uses AWS-native audit and telemetry sources plus platform logs to investigate the scope, timeline, and affected tenants of an incident.
- Legal requests: Requests from law enforcement, regulators, or other third parties are routed through legal review and handled under documented internal procedures and contractual obligations.
FAQ
Q: Do you have a formal incident response plan?
Yes—documented, tested, and covering escalation, severity classification, roles/communications, containment/remediation, and post-incident review.
Q: Is coverage truly 24×7?
Yes. On-call engineering is available 24×7×365; alerts from monitoring trigger escalation based on severity.
Q: How fast will you respond to a critical issue?
For Premium Support, Urgent incidents receive an initial response within 2 hours and hourly updates; High priority within 4 Business Hours with updates every 24 Business Hours.
Q: What are “Business Hours” for support SLAs?
Mon 05:00 – Sat 05:00 UTC, excluding NEXT AI holidays.
Q: How does this differ from uptime/availability commitments?
Response-time SLAs cover support. Availability is governed by the Service Level Agreement (target 99.5% monthly, with service credits if not met) and public Status notifications.
Q: What about GDPR’s 72-hour rule?
Under GDPR, controllers notify authorities without undue delay and, where feasible, within 72 hours of becoming aware of a personal-data breach. NEXT AI, as processor, notifies controllers without undue delay and supports them per contract and law.
Q: How does NEXT AI preserve evidence during an incident?
Relevant logs, alerts, audit trails, and investigation artifacts are preserved with traceable handling so the team can support remediation, customer reporting, and any follow-on legal or forensic review.
Q: How are legal or government requests handled during an incident?
Such requests are routed through legal review and handled under documented procedures, with scope limited to what is legally required and contractually appropriate.