Incident response
This page defines incident response scope, severity levels, target timelines, and escalation paths for launch operations.
Scope
- Applies to confirmed or suspected security incidents affecting VeliKey-operated systems and launch services.
- Applies to service incidents that materially degrade availability, integrity, or control-plane operation.
- Does not replace customer incident management obligations for customer-owned infrastructure and applications.
Severity model
- SEV-1: Active compromise risk or broad service outage requiring immediate coordinated response.
- SEV-2: High-impact degradation with customer impact but no confirmed broad compromise.
- SEV-3: Localized or low-impact incident requiring remediation and follow-up.
Response timeline targets
- SEV-1 acknowledgement target: within 30 minutes.
- SEV-2 acknowledgement target: within 4 hours.
- SEV-3 acknowledgement target: within 1 business day.
- Active incident update target: every 4 hours for SEV-1, daily for SEV-2/SEV-3 until stabilized.
Timeline targets are operational goals, not contractual SLAs.
Escalation paths
- Security incidents: security@velikey.com.
- Service-impact incidents: support@velikey.com.
- Enterprise account coordination: route through assigned account team and support channel.
- Public communication alignment is managed through the status communication workflow.
Related trust operations references
External communication note
External incident and uptime claims must be reviewed using the trust claims review workflow before publication.