At Kuali, we monitor our systems to ensure all services function according to our Service Level Agreement (SLA). This document summarizes the process we follow when we become aware of an Urgent Incident impacting one or more of our services. The key purpose of the Incident Management process is to have timely, efficient communication in support of our goal to restore service as quickly as possible. This clearly defined approach aligns with our Incident Management Policy, which is regularly reviewed and audited as part of our annual SOC 2, Type 2 review.
What is an Incident?
- Any event that exposes customer data to unauthorized individuals.
- Any event that causes unexpected downtime to environments covered by our production SLA.
- Any event that Kuali categorizes as “Urgent” according to our SLA.
What Are the Steps We Take?
- Assign an incident manager. This is typically a member of our Support team, but it could be anyone.
- Create a temporary place to communicate internally about the incident. We use Slack and Zoom for real-time internal discussions.
- Create an internal ticket for tracking the incident.
- Communicate internally and assign responsible individuals.
- Communicate to impacted customers. In the event of a data breach, the extent and impact will be investigated and the communication will take place within 72 hours.
- Monitor progress and communicate every 30-60 minutes. Communication frequency may differ in the case of a data breach.
- Communicate internally and externally when an incident is resolved.
- Conduct an internal post-mortem. We review the incident timeline, conduct a root cause analysis, identify steps to improve our services, and plan work to address the root cause.
- Summarize post-mortem findings and communicate externally to customers.
What Else?
- Depending on the type of incident, we may provide a customer bridge for real-time communication with customers.
- We follow this process when third-party vendors we rely on to provide our services have issues, and we will relay status updates to customers as we receive them.
Security-Related Incidents
Kuali treats all security-related incidents with the highest priority. A security incident includes any event that threatens the confidentiality, integrity, or availability of our systems, data, or services. Examples include unauthorized access, suspected data breaches, denial-of-service attacks, malware infections, or accidental disclosures of confidential data.
When a potential security incident is identified:
- Immediate Escalation - The issue is escalated to senior leadership. The team quickly assesses scope and impact while taking immediate steps to contain and mitigate risk.
- Investigation & Containment - We determine whether customer data may have been accessed, exposed, or compromised. Our teams work to secure data, preserve evidence for forensic analysis, and ensure business continuity.
- Customer Notification - If customer data is impacted, Kuali will notify affected customers without undue delay, in alignment with contractual and regulatory requirements.
- Ongoing Communication - Customers are provided timely and factual updates throughout the investigation and remediation. The frequency of updates may differ from other incidents to balance transparency with the need to preserve forensic integrity.
- Resolution & Review - Security incidents are considered resolved when data has been secured, service restored, and all customer notification obligations have been met. After resolution, Kuali conducts a root cause analysis and incorporates the findings into ongoing security and risk management practices.
- Customer Reporting - Following resolution, we will provide a report summarizing what occurred, its impact, and the steps Kuali is taking to strengthen security controls.