Incident Response
faktoora maintains a structured incident management process aligned to DORA (Digital Operational Resilience Act) requirements. This page describes how we detect, classify, respond to, and communicate security incidents.
Detection
We employ multiple layers of monitoring and automated alerting to detect incidents early across our application, infrastructure, and supply chain.
Classification
When an incident is detected, it is assessed within 30 minutes and classified based on:
| Factor | Assessment |
|---|---|
| Number of customers affected | Individual, subset, or all customers |
| Duration of impact | Transient, sustained, or ongoing |
| Data sensitivity | Public, internal, confidential, or restricted |
| Service criticality | Core platform, supporting service, or non-critical |
| Economic impact | Revenue, contractual, or regulatory implications |
Severity Levels
| Severity | Definition | Response time |
|---|---|---|
| Critical | Core service unavailable or confirmed data breach | Immediate — all hands |
| High | Significant user-facing impact or potential data exposure | Immediate during business hours |
| Medium | Limited impact, no data at risk | Within 1 business day |
| Low | Minor issue, no user impact | Within 5 business days |
Customer Communication
| Severity | Notification timeline | Channel |
|---|---|---|
| Critical | Within 1 hour of classification, updates every 2 hours | Email to affected customers |
| High | Within 4 hours if user-facing | Email to affected customers |
| Medium | Available on request | Via support channels |
| Low | Available on request | Via support channels |
Regulatory Reporting
For major incidents that meet regulatory thresholds, we follow DORA Art. 19 reporting timelines:
| Report | Deadline | Content |
|---|---|---|
| Initial notification | Within 4 hours of classification (no later than 24 hours from detection) | Incident type, affected services, detection time, preliminary impact assessment |
| Intermediate report | Within 72 hours | Updated impact assessment, root cause (if known), containment measures, data affected |
| Final report | Within 1 month | Complete root cause analysis, total impact, remediation actions, lessons learned |
These timelines are stricter than the requirements of both DORA and NIS2 (which requires initial notification within 24 hours).
Containment and Recovery
Our incident response process follows these phases:
- Containment — Isolate affected systems to prevent further impact
- Evidence preservation — Secure audit logs, application logs, and access records
- Root cause analysis — Identify the underlying cause
- Remediation — Implement fixes and verify resolution
- Recovery — Restore normal operations and confirm stability
Post-Incident Review
Every High and Critical incident undergoes a post-incident review within 5 business days, covering:
- Complete timeline of detection, response, and recovery
- Root cause analysis
- Impact assessment (customers, data, services)
- Evaluation of response effectiveness
- Preventive measures to avoid recurrence
Lessons learned are documented and incorporated into our security controls and procedures.
Incident Record Retention
All incident records are retained for a minimum of 5 years in accordance with DORA requirements.
Reporting an Incident
If you believe you have identified a security incident affecting faktoora or your data:
- Security incidents: security@faktoora.com
- Privacy incidents: privacy@faktoora.com
For vulnerability reports, see our Vulnerability Disclosure page.