ZERAKET

Operations

Incident response plan.

A short, operational view of how ZERAKET responds to security or availability incidents. Owned by the security on-call and reviewed quarterly.

Severity levels

  • SEV-1, customer data exposure or payment fraud at scale, page security lead within 15 minutes
  • SEV-2, gate or checkout outage during a live event, page on-call within 15 minutes
  • SEV-3, degraded function affecting some customers, response within 1 hour business time
  • SEV-4, minor issue or single-customer report, response within 1 business day

Detection

  • Heartbeat workers verify critical journeys end-to-end
  • Gate, sales and scan-anomaly alerts surface to the on-call channel
  • External reports via security@zeraket.com are triaged within 24 hours
  • Provider-side fraud signals (payments, KYC) are mirrored into our queue

Response

  • Declare severity and open an incident channel with a named commander
  • Contain: revoke sessions, rotate keys, gate write paths if needed
  • Eradicate: ship the fix, redeploy, verify with synthetic checks
  • Recover: re-open affected flows, confirm with the customer or organizer

Communication

  • Status page updated at declaration and at each material change
  • Affected organizers notified directly for SEV-1 and SEV-2
  • Regulator notification on personal-data incidents within legal timelines
  • Public post-mortem within 10 business days for SEV-1 incidents

Post-incident

  • Blameless review within 5 business days, action items tracked to closure
  • Detection or guardrail change shipped to prevent recurrence
  • Lessons added to the runbook and shared with the engineering team

Report something

Email security@zeraket.com. For coordinated disclosure of a vulnerability, include reproduction steps and the affected URL. We acknowledge within 24 hours.
This plan describes ZERAKET's internal response process. It is operational guidance, not a service-level agreement.