Skip to content

Incident Reporting

This page describes how to report a production incident and what to expect from NTWIST during incident response.

How to report

Report production incidents through the on-call channel defined for your deployment. The on-call channel is established at deployment time and confirmed in writing. If you do not have it, contact your customer success lead.

When you report, please include:

  1. What is happening. A short description of the symptom and where it is observed.
  2. When it started. Approximate start time, time zone, and whether it is intermittent or continuous.
  3. What changed recently. Any known changes to NTWIST products, customer systems, integrations, or operating conditions.
  4. Operational impact. What operational decision or workflow is affected. This drives severity.
  5. Contact. A point of contact on the customer side, and the best way to reach them.

A short, accurate report from the customer side is the single biggest accelerator of resolution.

What NTWIST does

On receipt of an incident report:

  1. Acknowledge within the initial response target (see Service Levels).
  2. Assess severity jointly with the customer reporter.
  3. Engage the right NTWIST responders (customer success engineer, product engineer, on-call engineer as needed).
  4. Communicate at the agreed update cadence until the incident is resolved.
  5. Resolve through a workaround, fix, or rollback, with the customer's go or no-go on each material decision.
  6. Document a post-incident summary for S1 and S2 incidents.

Post-incident summary

For S1 and S2 incidents, NTWIST produces a post-incident summary within ten business days of resolution. The summary includes:

  • Timeline (incident detection, response, mitigation, resolution).
  • Root cause analysis.
  • What contributed to the impact (technical and process factors).
  • What was done to mitigate the immediate impact.
  • Corrective and preventive actions, with owners and target dates.
  • Customer-side actions, if any are recommended.

Post-incident summaries are shared with the customer and incorporated into NTWIST's internal continuous improvement program.

Security incidents

A security incident is reported and handled through the same channel, with these additional considerations:

  • The reporter should mark the report as security-related to trigger the security incident response path.
  • NTWIST coordinates communication with the customer's security team.
  • Customer notification of confirmed security incidents involving customer data is performed without undue delay and within any contractual or regulatory timelines that apply.

For pre-incident vulnerability reports (a customer or third party has identified a potential weakness before exploitation), see Security Overview.

DR and continuity events

For events that trigger the customer's disaster recovery or business continuity plan, NTWIST follows the runbook agreed during deployment. We run periodic DR tabletop exercises with customers who have requested them. Outputs from those tabletops are tracked and incorporated into the runbook.

Improvement loop

Every S1 and S2 incident produces a tracked action item set. NTWIST reviews these at a monthly internal cadence and reports outstanding actions to the customer in regular customer success engagement.