Policy Provisions

Owned by Anna Odrynska
Sept 03, 2020
1 min read

Resolution Time

In addition to SLA and Application Security Policy, Alpha Serve declares to provide resolution to the security incidents and/or issues submitted by the users within the following time frames:

  • 3 weeks for incidents classified as High risk;

  • 6 weeks for incidents classified as Medium risk;

  • Within 15 weeks for the incidents classifies as Low risk.

The time frames mentioned are calculated from the date when the security incident or issue have been reported.

Alpha Serve leaves the right to extend the resolution time when needed with informing the relevant parties in advance.

Fix Releases

When a High-risk security incident is reported, Alpha Serve will issue a fixed release for the current version of the affected application as soon as possible. The necessity of fixed releases for previous versions is considered by Alpha Serve internally.

When a security incident of a Medium or Low risk is reported, Alpha Serve will include a fix in the next scheduled planned release.

Users of the application are advised to upgrade their installations after the bug fix release to ensure that the application work is secure.

Risk Definition

All security incidents reported should contain an assessed risk level based on the classification set by Application Security Policy.

The risk level assessment is based on the potential consequences of a certain vulnerability for all relevant parties.