At a glance
NEXT AI maintains a documented, tested incident response plan with 24×7×365 on-call engineering. Security signals (e.g., GuardDuty findings, WAF detections, brute-force indicators) are triaged and escalated by severity, with clear roles, containment/remediation, and post-incident reviews.
What does the incident response plan cover?
Escalation procedures and notification paths
Incident severity identification and classification
Roles, responsibilities, and communication strategies (internal & external)
Containment and remediation steps
Post-incident retrospective for root-cause analysis and improvements
Lifecycle (aligned to standards)
Our process follows recognized guidance: Detect → Respond → Recover, supported by broader Govern/Identify/Protect activities (per NIST SP 800-61 Rev. 3).
Monitoring & 24×7 escalation
Continuous logging and alerting auto-escalate issues, and on-call engineering engages 24×7×365 based on severity. Typical triggers include severe vulnerabilities, researcher disclosures, intrusion detections, elevated errors/operational anomalies, and breach disclosures.
Timelines (SLA) — how fast we respond
For customers with Premium Support, NEXT AI commits to the following initial response and status-update targets (business hours: Mon 05:00–Sat 05:00 UTC). Security incidents will still engage 24×7 on-call per this plan; the table below reflects formal support SLAs.
| Priority | Description (summary) | Initial response | Status updates |
|---|---|---|---|
| Urgent | Service inoperative / complete failure (platform downtime) | 2 hours | Hourly |
| High | Core functionality inoperative, no workaround | 4 Business Hours | Every 24 Business Hours |
| Medium | Functionality impaired, workaround available | 24 Business Hours | N/A |
| Low | Low-impact issues / questions | 48 Business Hours | N/A |
System uptime and availability
NEXT targets 99.5% monthly uptime with service credits if not met; see the Service Level Agreement and public Status page for availability communications.
Communications (customers & regulators)
Customer communications follow the plan’s severity thresholds. Where GDPR applies, NEXT AI will notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal-data breach (Article 33). NEXT AI supports controllers’ assessments and notifications as provided by contract and law.
FAQ
Q: Do you have a formal incident response plan?
Yes—documented, tested, and covering escalation, severity classification, roles/communications, containment/remediation, and post-incident review.
Q: Is coverage truly 24×7?
Yes. On-call engineering is available 24×7×365; alerts from monitoring trigger escalation based on severity.
Q: How fast will you respond to a critical issue?
For Premium Support, Urgent incidents receive an initial response within 2 hours and hourly updates; High priority within 4 Business Hours with updates every 24 Business Hours.
Q: What are “Business Hours” for support SLAs?
Mon 05:00 – Sat 05:00 UTC, excluding NEXT AI holidays.
Q: How does this differ from uptime/availability commitments?
Response-time SLAs cover support. Availability is governed by the Service Level Agreement (target 99.5% monthly, with service credits if not met) and public Status notifications.
Q: What about GDPR’s 72-hour rule?
Under GDPR, controllers notify authorities without undue delay and, where feasible, within 72 hours of becoming aware of a personal-data breach; NEXT AI supports the controller per contract and law.