1. Overview

The Rundoo Incident Management Program (“Program”) provides guidelines for identifying, managing, and resolving security and operational incidents that may impact Rundoo’s systems, data, or services. This Program is designed to ensure prompt and efficient responses to incidents, minimizing potential risks and operational downtime. These guidelines are subject to change at Rundoo’s discretion and do not guarantee specific outcomes.

2. Scope

This Program applies to all security and operational incidents affecting Rundoo’s systems, including but not limited to system outages, data breaches, and performance issues. The procedures outlined below ensure that incidents are managed appropriately but do not cover every possible situation or incident type.

3. Incident Management Process

• Detection and Notification: Rundoo uses PagerDuty to monitor system health and detect incidents. When an incident is detected, PagerDuty automatically alerts the on-call engineer via phone call, email, text message, and SMS. Notifications are configured to override any silence settings on the engineer’s devices, ensuring prompt awareness of the incident.
• Escalation: Rundoo maintains a 24/7 on-call schedule with engineers rotating to provide continuous coverage. If the on-call engineer fails to respond within a defined timeframe, the incident automatically escalates to other team members to ensure timely response and resolution.
• Assessment: Once notified, the engineer assesses the nature and scope of the incident. Immediate containment actions are taken to mitigate potential damage or data loss, while further investigation determines the root cause.
• Resolution: Rundoo leverages GitHub version control to facilitate rapid recovery from system issues. In the event of a malfunction caused by a recent system change, engineers can easily roll back to a previous commit to restore stable system functionality. This rollback capability minimizes downtime and ensures that the integrity of the system is preserved.
• Post-Incident Review: After an incident has been resolved, a post-incident review is conducted to analyze the cause, assess the response, and identify any areas for improvement. This review does not guarantee the prevention of future incidents but informs ongoing security and operational improvements.

4. Communication

Rundoo is committed to transparency during significant incidents. If an incident affects customers or partners, Rundoo will provide timely updates to stakeholders on the status of the incident and any actions taken. However, no specific commitments are made regarding the timing or frequency of these updates.

5. Program Modifications

Rundoo reserves the right to modify or update this Program at any time, without prior notice, based on evolving security threats, operational needs, or legal requirements. This flexibility allows Rundoo to remain agile in its response to incidents, though no specific outcomes are guaranteed.

6. Disclaimer

This Program is intended as a general framework for managing incidents and does not create any contractual rights or obligations. Rundoo disclaims any liability for specific incidents or damages resulting from incidents. While every effort will be made to respond promptly and effectively, this Program provides no guarantees of system uptime, data protection, or security outcomes.

https://embed.notionlytics.com/wt/ZXlKM2IzSnJjM0JoWTJWVWNtRmphMlZ5U1dRaU9pSkNZMlJNVm1seFdHUjViMmRYZERKbVlsQkpaaUlzSW5CaFoyVkpaQ0k2SWpFeU1HVXhNVE01T0RabFlUZ3dNalk0T1dKbVkyUTVaRFF6WkdFd05XWTNJbjA9