Incident Response Overview

CertiNext follows a structured and well-defined incident response process to detect, assess, contain, and remediate security incidents in a timely and transparent manner. Given the trust-critical nature of certificate lifecycle management and public trust services, incident response is treated as a high-priority operational function with clear escalation paths and communication commitments.

Incident Detection and Assessment

CertiNext continuously monitors its platform, infrastructure, and applications for security events and anomalies. Incidents may be identified through:

• Internal monitoring and alerting systems

• Security tooling and logs

• Automated detection mechanisms

• External or third-party reports

Once detected, incidents are triaged to assess scope, impact, severity, and affected customers or services.

Customer Notification Commitment

For security breaches or incidents that impact customer data or service integrity, CertiNext follows a clear notification policy:

• Affected customers are notified within 24 hours of incident confirmation

• Notifications include available details on:

  • Nature of the incident

  • Impacted services or data

  • Immediate containment actions taken

  • Next steps and remediation plans

This ensures transparency and enables customers to take any required internal actions promptly.

Incident Response for Public Trust Services

For public trust services (such as emSign), incident handling follows the mandatory requirements of the public trust ecosystem, including:

• CA/Browser Forum incident handling guidelines

• Common CA Database (CCADB) disclosure requirements

• Browser and root store incident response expectations

Key obligations include:

• Acknowledgement to the incident reporter within 24 hours

• Submission of a preliminary incident report (typically within 3 calendar days)

• Ongoing updates and final incident reports as required

• Public disclosure through prescribed channels such as Bugzilla, in line with mandated timelines

These processes ensure consistency, accountability, and transparency across the global public trust ecosystem.

Containment, Remediation, and Recovery

Following identification:

• Immediate containment actions are taken to limit impact

• Root cause analysis is performed

• Corrective and preventive actions are implemented

• Systems and controls are validated before full closure

Where applicable, lessons learned are incorporated into platform improvements and security controls.

Governance and Oversight

All incidents are:

• Logged and tracked through formal incident management processes

• Reviewed by security and operations leadership

• Used to improve detection, response, and preventive controls

Incident records are retained to support audits, compliance reviews, and regulatory obligations.

Summary

CertiNext’s incident response framework is designed to deliver rapid detection, timely communication, and standards-aligned remediation. With a 24-hour customer notification commitment for security breaches and strict adherence to CA/Browser Forum and CCADB requirements for public trust services, CertiNext ensures that incidents are handled transparently, responsibly, and in line with global trust and security expectations.