Security Response SLA

Why a Security Response Process?

Security vulnerabilities in software are unavoidable. What matters is how quickly and systematically they are addressed. ITOMIG is the only iTop partner to offer a formalised, CVSS-based Security Response process.

The 4-Phase Process

• Phase 1: Detection & Assessment — A security vulnerability is identified and evaluated according to the Common Vulnerability Scoring System (CVSS).
• Phase 2: Analysis & Classification — ITOMIG analyses the impact on the iTop+ product line and identifies affected customers.
• Phase 3: Information & Recommendations — Affected customers are proactively informed — with risk assessment and concrete recommendations for action.
• Phase 4: Patch & Verification — A patch is provided, the fix verified and customers supported during implementation.

What Makes This Process Special?

• CVSS-based: Objective, standardised risk assessment — no subjective judgements
• Proactive information: You learn about vulnerabilities before they become a problem
• Automated information flow: Combodo → ITOMIG → Customer — structured and traceable
• Documented: The entire process is documented on GitHub and transparent
• Rare in the market: Structured, CVSS-based Security Response is uncommon in the ITSM sector — ITOMIG is one of the few providers to have formalised and transparently documented this process.