Engagement / Service Levels

Published. Contractual.
Audited quarterly.

SLA 15-min ack
Response guaranteed
Severity Matrix

Four tiers. Four clocks. Always running.

Tier
Definition
Response
Target
Critical
Production outage, active breach, data exposure, or security event in progress.
≤ 30 Minutes, 24/7/365
Containment Within 1 Hour
High
Major functionality degraded; +7 CVE disclosed against an in-stack component; auth or payment paths impaired.
≤ 2 Hours, 24/7
Resolution in 6 Hours / +7 CVE Patchd Within 3 Business Days
Medium
Minor functionality issue, UX defect,-7 CVE disclosed against an in-stack component non-blocking regression, or low-severity advisory.
Within 48 Hours
Scheduled Into Next Release Window / -7 CVE Patchd Within 3 Business Days
New Scope Requests
Net-new requirement, missed requirement, or feature not behaving as expected.
Within 48 Hours
Mutually Agreed Delivery Date
★ Custom SLAs

Tight controls? We'll write the matrix to fit.

Responsibility Assignment / RACI

Who owns what. In writing.

R = Responsible · A = Accountable · C = Consulted · I = Informed. Every engagement ships with a RACI ratified by both signatories.

Event / Activity
OwlEye
Client
Manage / monitor / maintain server-side and application-side stack
R / A
I
Implement security patches and hot-fixes across the stack
R / A
I
Vulnerability version control (core, themes, plugins, libraries)
R / A
I
Break-fix / bug remediation in CMS and front-end
R
C
Browser compatibility regression (Chrome, Firefox, Edge, Safari)
R
C
User acceptance testing in dev / staging environments
C
R / A
Approval to promote releases to production
C
A
Net-new development & enhancements (8 hr/mo bucket)
R
A / C
Third-party vendor coordination & change windows
C
R / A
Engagement Lifecycle

From signature to attestation. One continuous loop.

Phase 01

Onboarding & Baseline Patch

Phase 02

24/7 Managed Operations

Phase 03

Regression-Tested Patching

Phase 04

Break-Fix & Browser Assurance

Phase 05

Net-New Development

Phase 06

Reporting & Attestation

Want the full SLA & RACI in your inbox?

We’ll send the un-redacted Master Service Agreement template, severity matrix, and RACI workbook for your legal and risk teams to review.