Our commitment to response and availability
SOC in a Box is a 24/7 managed security service. These are the response times, availability guarantees, and escalation paths we commit to for every client.
Monitoring availability
Incident response times
| Severity | Description | Initial Response | Update Frequency |
|---|---|---|---|
| Critical (P1) | Active breach, ransomware execution, confirmed data exfiltration | 15 minutes | Every 30 minutes |
| High (P2) | Suspected compromise, malware detected, anomalous privileged access | 30 minutes | Every 2 hours |
| Medium (P3) | Policy violation, phishing attempt blocked, vulnerability identified | 4 hours | Daily |
| Low (P4) | Informational alert, configuration recommendation, routine finding | Next business day | Weekly report |
Escalation path
SOC Analyst
Alert triage and initial investigation. All alerts are human-reviewed.
Senior Analyst
Deep investigation, threat hunting, and response coordination.
SOC Manager
Incident management and client communication for P1/P2 events.
CISO / Founder
Executive escalation for critical incidents and regulatory liaison.
Support channels
Security operations
- 24/7/365 monitoring — alerts are triaged in real time
- Critical incidents trigger immediate phone escalation
- Monthly Confidence Score report delivered to your inbox
General support
- Monday–Friday, 09:00–17:30 GMT for non-security queries
- Email: hello@cyber-defence.io
- Support portal available for ticket tracking
Planned maintenance
Scheduled maintenance windows are communicated at least 72 hours in advance. Wherever possible, maintenance is performed outside UK business hours (typically Sunday 02:00–06:00 GMT). Emergency patching may occur at short notice — affected clients are notified immediately.
Questions about our SLA?
Our team is happy to walk through the SLA in detail during a scoping call, or you can request a copy of the full contractual SLA document.