Incident Response Policy
Version 1.0 | Classification: CONFIDENTIAL — Internal Use Only
Purpose
Define GPUS-IT obligations for detecting, reporting, containing, and recovering from security incidents.
Scope
Applies to all incidents affecting GPUS-IT systems, including the WDC on-premises cluster, GCP cloud environment, and associated data.
Incident Definition
An incident is any event that actually or potentially jeopardizes the confidentiality, integrity, or availability of GPUS-IT systems or data.
Severity Levels
| Severity | Definition |
|---|---|
| P1 | Service outage or confirmed breach |
| P2 | Service degradation or suspected breach |
| P3 | Anomalous activity under investigation |
| P4 | Informational; monitor only |
Response Obligations
| Obligation | Requirement |
|---|---|
| P1 detection to initial response | < 15 minutes |
| P2 detection to initial response | < 1 hour |
| P1/P2 IT Manager notification | Within 1 hour of detection |
| Incident log entry | Required for all P1–P3 events |
| After-action review | Required for all P1 events; recommended for P2 |
Key Contacts
| Role | Scope | Contact Method |
|---|---|---|
| DNS/DHCP Admin | SKY, RAIN | On-call phone + SSH / Webmin |
| Monitoring/Logging Admin | SUN, WIND | On-call phone + SSH / Webmin |
| Security Operations | All servers — threat analysis and containment | SOC hotline |
| IT Manager | P1/P2 escalation | Phone |
Procedure
See Incident Response Plan for step-by-step procedures.
Incident Response Policy · v1.1 · 2026-03-14 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only