Incident Response

How CraftedTrust responds to incidents.

This page explains the response model behind the public product. It is a posture statement, not a contractual SLA.

Status page Disclosure policy

Response lifecycle

1
Detect
Signals can come from internal monitoring, publisher reports, researcher submissions, or direct customer reports.
2
Triage
We assess severity, scope, affected surfaces, and whether public disclosure coordination is needed.
3
Contain and fix
We isolate the issue, ship the needed fix, and preserve the records required to understand what happened.
4
Communicate
We update the status page for service incidents and use the disclosure process when a security issue needs coordinated publication.
What users should expect

Simple public communication

  • The status page covers public service availability.
  • The disclosure policy covers vulnerability reporting and publication.
  • Material issues are communicated as directly as the situation requires.
Limits

No implied guarantee

This page explains current operating practice. It does not guarantee that every incident will follow an identical timeline or disclosure path.