Developer portal
Incident response
Operational process for detecting, responding to, and recovering from security and availability incidents.
Last updated: 2026-06-09
Response summary
Qtangl maintains a documented incident response process with assigned roles, escalation paths, and customer communication requirements. The process covers security events, service disruptions, and material data risk.
Incident lifecycle
| Field | Type | Required | Description |
|---|---|---|---|
| Detect and triage | continuous | Yes | Alerts, telemetry, and operator reports are triaged by severity and customer impact. |
| Contain and eradicate | immediate | Yes | Access controls, credential rotation, and service isolation actions are executed to stop spread. |
| Recover | priority-based | Yes | Services are restored in phased order with validation and monitoring before full return to normal. |
| Post-incident review | required | Yes | Root cause, corrective actions, and prevention owners are documented and tracked to closure. |
Customer communication
- Material incidents are communicated to affected customers with scope and timeline updates.
- Updates include what happened, current containment status, and required customer actions.
- Post-incident summaries include corrective actions and prevention commitments.
Business continuity and disaster recovery
| Field | Type | Required | Description |
|---|---|---|---|
| Critical API services | target RTO <= 4h | Yes | Priority restoration objective for core tenant access and scan lifecycle endpoints. |
| Background processing | target RTO <= 8h | Yes | Queue and scheduler restoration target for asynchronous processing flows. |
| Data durability | target RPO <= 1h | Yes | Recovery point objective for operational data under normal backup replication assumptions. |
Vulnerability disclosure
Report suspected vulnerabilities to charley@qtangl.com. Include reproduction steps, affected endpoints, and impact assessment. We acknowledge reports within 2 business days and coordinate disclosure timelines with reporters for validated findings. See /trust/disclosure.
Found an issue? Report documentation feedback