Incident response
How we handle security incidents.
Last updated 09 May 2026
Our incident response policy:
Detection
· WATCHDOG CRON (15-min cadence): infrastructure + application health
· GUARDIAN CRON (daily): PDPA + cross-tenant isolation
· SENTINEL CRON (hourly): output quality + safety
· Customer reports: security@onset.my, 24-hour acknowledgement target
Classification (severity)
· SEV1 — major outage, data exposure, customer-impacting bug spreading
· SEV2 — partial outage, degraded performance
· SEV3 — informational degradation, no customer impact
· SEV4 — internal observation
Response
· On detection, an incident is logged at /admin/incidents.
· A war-room is opened in Telegram with the on-call.
· Public-facing updates land at /status within 15 minutes for SEV1/SEV2.
· Affected customers are emailed within 24 hours for any incident that touched their data.
Post-incident
· A blameless post-mortem is published internally within 5 working days.
· Customer-visible incidents have a public post-mortem within 14 days.
· SLA credits are applied automatically per /sla.
PDPA security breaches are notified to NDPC within 72 hours of confirmation, per the PDPA Amendment 2024.
24/7 contact: security@onset.my (PGP key on request).
