
Security Incident Response Policy (IR)

Official platform documentation and governance guidance.

High-fidelity security incident response framework ensuring structural integrity, persistent containment, and forensic transparency during system anomalies.
NIST Aligned
Global SIRT
v4.2.0

Enterprise Security Incident Response Policy (IR)

1. Response Mission Statement

Nexly.biz (the “Company”) maintains a "Hostile Infrastructure" mindset. We assume that incidents are inevitable and our mission is to out-pace, out-maneuver, and out-last any threat actor. This policy establishes the structural framework for detecting, containing, and eradicating security anomalies while maintaining the operational availability of our global educational network.

2. Structural Scope

The IR framework covers all Nexly digital assets, hardware nodes, cloud VPCs, and third-party data integrations. It applies to every person or entity with authorized access to the Company’s compute fabric.

3. SIRT Governance & Roles

The Security Incident Response Team (SIRT) is the supreme tactical authority during a declared incident. SIRT roles include:

  • Incident Commander (IC): The single point of executive authority responsible for triage and resource orchestration.
  • Forensic Lead: Technical lead responsible for digital evidence preservation and root-cause trace.
  • Communications Lead: Responsible for managing internal status streams and external regulatory disclosures.

4. Incident Severity Classification

| Tier | Attributes | Response SLA |
|---|---|---|
| P1 - CRITICAL | Verified PII breach, major infrastructure outage, or active Ransomware. | 15 Minutes |
| P2 - HIGH | Service degradation, suspicious privilege escalation, or malware node. | 1 Hour |
| P3 - LOW | Non-critical anomalies, unsuccessful brute-force attempts. | 12 Hours |

5. Unified Response Lifecycle

Nexly utilizes the NIST SP 800-61 framework for incident management:

  • Identification: Detection via SIEM, EDR, and user reporting nodes.
  • Containment: Rerouting traffic or isolating compromised VPC subnets.
  • Eradication: Identifying and neutralizing the "Patient Zero" entry vector.
  • Recovery: Restoring services from a "Last Known Good" state.

6. Containment & Node Isolation

Our infrastructure features automated "Circuit Breakers." If a node exhibits behavior consistent with a known attack pattern (e.g., massive database egress), it is automatically moved to a software-defined sandbox for forensic analysis, protecting the remaining platform.

7. Internal Triage Communication

Incident management is performed over out-of-band, encrypted channels to prevent threat actors from monitoring our response efforts. All P1/P2 incidents trigger an immediate "War Room" coordination protocol.

8. External Breach Protocol

Nexly commits to radical transparency. In the event of a verified breach of unencrypted personal data, we will notify affected users within 72 hours of verification across all viable channels (email, dashboard alert, and official blog).

9. Law Enforcement Coordination

We actively collaborate with global law enforcement agencies (Interpol, Europol, FBI) to prosecute cyber-criminals. Evidence gathered during an incident is shared with authorities according to relevant jurisdictional laws and legal subpoenas.

10. Systemic Recovery Protocols

Recovery is only initiated after the "Eradication" phase is confirmed. Restored systems undergo a "Hardening Audit" before they are permitted to re-enter the production load-balancing pool.

11. Evidence Preservation Standards

Memory dumps, disk images, and network logs from compromised nodes are forensically hashed and moved to immutable, write-once (WORM) storage to ensure their validity in any subsequent legal or insurance proceedings.

12. Post-Mortem Analysis & Hardening

Every P1/P2 incident requires a mandatory post-mortem within 48 hours of recovery. The findings are used to patch logic gaps, update security training, and tune SIEM alerts, further evolving our "Self-Defending" ecosystem.

13. Incident Reporting Node

If you detect suspicious activity or a potential software vulnerability, or suspect your account has been compromised, you are mandated to notify the SIRT immediately at the address below.

14. Response & Recovery Desk

For immediate incident disclosure, to check the status of a declared emergency, or to request a post-incident summary, please contact the Incident Commander.

Incident Response Command

Response SLA: 15m Critical Triage • Protocol v4.2

Direct SIRT Contact