CH 03 · OPEN · OPTIMAL FEDERAL
Incident Notification Procedure
- Tenant
- Optimal Labs — Self-Attestation (t-optimal-labs)
- Contact
- ryan@gooptimal.io
- Audit window
- 2026-04-15 03:04:16 UTC → 2026-05-15 03:04:16 UTC
- Generated
- 2026-05-15 03:04:16 UTC
24hNotification SLA
CHANNELTier
What constitutes a notifiable incident
- Data plane. Confirmed unauthorized access to the gateway's runtime memory or audit
store. Confirmed compromise of API key validation. Confirmed exfiltration of audit metadata.
- Control plane. Confirmed unauthorized administrative access to Optimal's deploy
infrastructure. Confirmed CMK material compromise. Confirmed CloudTrail tampering or gap.
- Upstream provider. Confirmed incident at Bedrock / Vertex / AOAI that affects the
customer's traffic. Optimal forwards the upstream notification within 24h.
What is NOT a notifiable incident
- Customer-side compromise (your IdP, your app server, your API key custody).
- Customer's content quality issues (model output disputes, prompt-injection attempts that the
gateway successfully blocked).
- Routine maintenance events covered by the change-management procedure.
Notification SLA
Optimal will notify the customer contact on file (ryan@gooptimal.io) within
24 hours of incident confirmation. Tier upgrades shorten this SLA.
Notification content
- Incident classification (data plane / control plane / upstream).
- Time of detection and time of confirmation.
- Affected scope (audit_id range, api_key_id list, model/provider).
- Forensic metadata available for customer review. Note: prompt + response bodies do not exist
at rest within the gateway boundary; "forensic data" in this context is metadata.
- Containment status and next steps.
Customer responsibilities during incident
- Rotate the affected API key(s) on receipt of the notification.
- Quiesce traffic through the gateway if your incident response plan calls for it.
- Provide a customer-side contact who can respond within your own internal SLA.