Incident Response
Rankability has a formal incident response process designed to detect, contain, and resolve security events quickly while keeping affected parties informed.
Severity Levels
We classify incidents into four severity levels, each with defined response and resolution targets:
| Severity | Description | Response Time | Resolution Target |
|---|---|---|---|
| Critical (SEV-1) | Active data breach, complete service outage, or compromised authentication | 15 minutes | 4 hours |
| High (SEV-2) | Security vulnerability being exploited, partial outage, or unauthorized access detected | 30 minutes | 8 hours |
| Medium (SEV-3) | Potential vulnerability identified, minor degradation, or suspicious activity | 4 hours | 48 hours |
| Low (SEV-4) | Minor security concern, policy violation, or non-urgent vulnerability | 24 hours | 1 week |
Automatic Detection
Our platform includes built-in detection mechanisms:
- API key abuse detection: Automatic suspension after detecting abuse patterns (excessive rate limit violations or consecutive errors)
- Authentication monitoring: Failed login attempts and unauthorized access attempts are logged to the audit trail
- Rate limit enforcement: Multi-layer rate limiting detects and blocks anomalous request patterns
- Spend anomaly detection: Daily AI spend caps alert on unexpected usage
Response Process
Our incident response follows five phases:
Detection & Identification
Confirm the event, assess severity, and create an incident record with a unique identifier.
Containment
Take immediate action to limit the scope and impact. This may include revoking compromised credentials, disabling affected integrations, or rotating secrets. Evidence is preserved before any cleanup processes run.
Eradication
Identify and remove the root cause. Patch vulnerabilities, rotate all potentially compromised credentials, and verify the fix addresses the root cause.
Recovery
Restore normal operations and verify system integrity. Enhanced monitoring remains in place for 72 hours after recovery. Access controls, rate limiting, and tenant isolation are all verified before declaring recovery complete.
Post-Incident Review
Within 5 business days, we conduct a review covering the full timeline, root cause analysis, what worked, what needs improvement, and corrective actions with owners and deadlines.
Communication
During an Incident
- Internal status updates every 30 minutes during active incidents
- Status page updated within 15 minutes of a confirmed outage
- Customer notification via email for extended outages (longer than 1 hour)
After an Incident
- Post-incident summary published within 48 hours of resolution
- Affected customers notified directly if their data was involved
- Regulatory notifications sent if required by applicable law
Reporting a Security Issue
If you discover a security vulnerability or suspect a security incident, please contact us at [email protected].
We respond to security reports within one business day and will work with you to understand and address the issue. We follow responsible disclosure practices and will not take legal action against researchers who report vulnerabilities in good faith.
For security inquiries or to request our SOC 2 report, contact [email protected].