At OSKY, we take a proactive approach to incident management, ensuring timely response and resolution to safeguard our clients’ digital assets. Our Incident Management Response and Resolution Targets/Standards are carefully defined to set clear expectations and ensure a swift, systematic, and effective response to security incidents.

1. Initial Response Time:

• OSKY commits to initiating an initial response to any reported incident within 30 minutes of its identification. This rapid response time is crucial in containing and mitigating the impact of security events.

2. Incident Categorisation and Prioritisation:

• Upon identification, incidents will be categorised based on their severity and prioritised for resolution. Critical incidents, affecting core systems or sensitive data, will receive the highest priority.

3. Client Notification Timeframe:

• Clients will be notified of the incident, including its nature and potential impact, within one hour of its identification. Clear and transparent communication is a priority during incident response.

4. Escalation Protocols:

• OSKY follows well-defined escalation protocols to involve the necessary levels of expertise and management. Critical incidents will be escalated promptly to ensure swift and effective resolution.

5. Forensic Investigation Timeframe:

• Forensic investigations to determine the root cause of incidents will commence within 24 hours of containment. This allows for a thorough analysis to inform resolution strategies and future preventive measures.

6. Containment and Eradication Targets:

• OSKY aims to achieve containment of incidents within four hours of their identification. Following containment, eradication measures will be implemented promptly to eliminate the root cause.

7. Recovery Time Objective (RTO):

• The Recovery Time Objective (RTO) for incidents is set at 48 hours. OSKY strives to restore affected systems to a secure state and resume normal operations within this timeframe.

8. Continuous Improvement and Lessons Learned:

• Each incident will be followed by a comprehensive review within 72 hours. Lessons learned from the incident will inform updates to procedures, training, and technologies to strengthen incident response capabilities continuously.

OSKY’s Incident Management Response and Resolution Targets/Standards establish clear benchmarks for response times, client communication, and resolution objectives. These standards reflect our commitment to delivering a rapid, effective, and client-centric response to security incidents, ensuring the integrity and security of our clients’ digital environments.