Nozomi Networks Incident Response Policy

Purpose

Nozomi Networks is committed to maintaining the security, availability, and integrity of its products and services. This Incident Response Policy describes how Nozomi Networks identifies, responds to, and communicates about security incidents affecting Nozomi Networks products, as defined in the Nozomi Networks End User License Agreement (EULA).

Scope

This policy applies to confirmed security incidents involving Nozomi Networks products and related supporting systems within Nozomi Networks’ operational control, as defined in the EULA. This policy does not apply to customer‑managed environments, third‑party systems outside Nozomi Networks’ control, or incidents unrelated to Nozomi Networks products.

Incident Definition

For purposes of this policy, a security incident is an event that resulted in one or more of the following:

  • Unauthorized access to customer assets (including data) within Nozomi Networks products or supporting systems
  • Unauthorized disclosure, alteration, or loss of data processed by Nozomi Networks products
  • Compromise of the confidentiality, integrity, or availability of Nozomi Networks software
  • Exploitation of a vulnerability that materially impacts product security

Events that do not meet this threshold (e.g., unsuccessful attacks, isolated anomalies, or routine security findings without impact) are handled through standard security operations processes and are not considered incidents under this policy.

Severity Levels

SEV-0: Emergency / Security Crisis
  Description: Active critical incident with severe business and security impact
  Impact:
    • Total outage
    • Full compromise
    • Active attack
    • Data breach
    • Regulatory/legal risk
  Response:
    • Immediate response (24/7)
    • War room activated
    • Executive + Security + SRE involved
    • Real-time communication

SEV-1: Critical
  Description: Severe user impact or high-risk security issue (not yet full crisis)
  Impact:
    • Major functionality unavailable
    • High-risk vulnerability
    • Large-scale outage
  Response:
    • Immediate response
    • Incident commander assigned
    • Rapid mitigation required
    • Frequent updates

SEV-2: High
  Description: Significant degradation or moderate security risk
  Impact:
    • Partial outage
    • High impact on subset of users
    • Exploitable misconfigurations
  Response:
    • Same-day response
    • Coordinated mitigation/fix
    • High priority handling

SEV-3: Medium
  Description: Limited impact or low-risk security issue
  Impact:
    • Minor degradation
    • Limited users affected
    • Low exploitability
  Response:
    • Business hours handling
    • Scheduled remediation

SEV-4: Low
  Description: Minimal impact or security hardening opportunity
  Impact:
    • No significant user impact
    • Preventive improvements
  Response:
    • Backlog prioritization
    • Opportunistic resolution

SEV-5: Informational
  Description: No incident, advisory or improvement item
  Impact:
    • No user or system impact
  Response:
    • Tracking only
    • No immediate action required

Incident Response Process

Nozomi Networks maintains an incident response program aligned with recognized security frameworks, including SOC and ISO/IEC 27001 principles. At a high level, the incident response process includes:

  1. Detection and Identification
    Security events are monitored and assessed to determine whether an incident has occurred.
  2. Analysis and Confirmation
    Relevant teams investigate the event to confirm the incident, assess scope and impact, and identify affected products or systems.
  3. Containment and Mitigation
    Actions are taken to contain the incident, limit potential impact, and mitigate identified risks.
  4. Remediation and Recovery
    Corrective measures are implemented to remediate root causes and restore affected systems or functionality, as appropriate.
  5. Post‑Incident Review
    Incidents are reviewed to improve controls, processes, and preventive measures.

External Notification and Communication

Where an incident is confirmed and external notification is required, Nozomi Networks will initiate external communications within 72 hours of incident confirmation, unless otherwise required by applicable contractual, legal, or regulatory obligations.

External notifications are conducted in accordance with:

  • This Incident Response Policy, and
  • The specific notification, timing, and communication obligations set forth in applicable agreements executed with customers.

Customer communications will be limited to information reasonably necessary to support customer risk assessment and response, and communications may evolve as additional facts become available.

Coordination with Customer Agreements

This policy is intended to operate in combination with customer‑specific contractual requirements. Where customer agreements establish incident notification obligations, timelines, or communication processes, those contractual terms take precedence. Nozomi Networks’ external communications will be aligned with both this Policy and any applicable customer‑executed guidelines or agreements.

Last update: 2026-04-08