Service Level Agreement

Last updated: April 15, 2026. This Service Level Agreement ("SLA") applies to ThreatGrid managed security service clients. Specific SLA terms may be modified by the signed service agreement between ThreatGrid and the client organization. In the event of conflict, the signed service agreement supersedes the terms of this published SLA.

1. Scope

This Service Level Agreement applies to organizations engaged under a ThreatGrid managed security service agreement, including Essential, Advanced Defense, and Enterprise MSSP tiers, and any custom service arrangements. This SLA does not apply to TLINK PRO self-service platform access or free public diagnostic tools, which are provided on a best-effort basis.

2. Service Tiers and Response Time Commitments

ThreatGrid's response time commitments vary by service tier. The following defines initial response time — the time between a client's notification of a security event or urgent request and ThreatGrid's first substantive acknowledgment:

2.1 Essential Tier

• Standard support requests: Response within one (1) business day
• Security alert triage notifications: Delivered during business hours (9 AM – 6 PM local client time, Monday–Friday, excluding major holidays)
• Urgent escalations (confirmed active incident): Response within four (4) business hours
• Monthly reporting delivery: Within five (5) business days following the end of each calendar month

2.2 Advanced Defense Tier

• Standard support requests: Response within four (4) hours, during business hours
• Security alert triage: Continuous monitoring with business-hours analyst review and notification
• Urgent escalations (confirmed active incident): Response within four (4) hours, including outside business hours for critical severity events
• Monthly reporting delivery: Within three (3) business days following the end of each calendar month

2.3 Enterprise Tier

• Standard support requests: Response within one (1) hour, 24/7
• Security alert triage: 24/7 continuous monitoring with immediate escalation for critical severity events
• Urgent escalations (confirmed active incident): Response within one (1) hour, 24/7/365
• Monthly reporting delivery: Within two (2) business days following the end of each calendar month
• Dedicated analyst availability: Scheduled touchpoints per agreed cadence; ad-hoc availability during business hours

3. Severity Classification

ThreatGrid uses the following severity classifications to prioritize responses:

Critical (P1)

Active confirmed compromise, ransomware deployment, unauthorized access to client systems, data exfiltration in progress, or any event with immediate material business impact. ThreatGrid initiates response procedures within SLA timelines for the client's tier and maintains active engagement until the immediate threat is contained.

High (P2)

Confirmed threat indicators with high likelihood of imminent compromise, unauthorized access attempts showing active progression, or significant vulnerability exposure requiring urgent remediation guidance. ThreatGrid responds and provides initial assessment within twice the standard urgent escalation window for the client's tier.

Medium (P3)

Anomalous behavior requiring analyst investigation, non-critical vulnerability findings, compliance gap notifications, or policy violations with no immediate active threat. Response delivered within standard support request timelines.

Low (P4)

Informational alerts, routine hygiene items, scheduled report delivery, general inquiries, and account management requests. Addressed in regular analyst touchpoints or within the standard support response window.

4. TLINK PRO Platform Availability

ThreatGrid targets 99.5% monthly availability for the TLINK PRO platform and associated monitoring infrastructure for managed service clients. Availability is calculated as: ((Total minutes in month − Unplanned downtime minutes) / Total minutes in month) × 100.

Scheduled maintenance windows, third-party infrastructure outages outside ThreatGrid's control, and events caused by client misuse or policy violations are excluded from availability calculations. ThreatGrid will provide advance notice of scheduled maintenance where operationally feasible, typically with at least 24 hours' notice for windows exceeding 30 minutes.

5. Incident Response Procedures

Upon identification of a Critical (P1) event, ThreatGrid will: (1) notify the client's designated security contact via the agreed communication channel (email, phone, or secure messaging); (2) begin active triage and containment assistance; (3) provide status updates at regular intervals (no less than every two hours for active P1 events); and (4) deliver a post-incident summary within five (5) business days of incident closure. Specific IR procedures may be defined in the client's signed service agreement or IR Readiness Assessment findings.

6. Client Obligations

To enable ThreatGrid to meet its service commitments, clients are responsible for: maintaining accurate contact information for their designated security point of contact; ensuring ThreatGrid-required monitoring integrations remain operational and in scope; providing timely responses to ThreatGrid requests for information during active incidents or assessments; notifying ThreatGrid of significant changes to in-scope infrastructure; and maintaining active billing status under the applicable service agreement.

ThreatGrid's SLA obligations are suspended where delays are caused directly by the client's failure to respond, provide access, or meet these obligations.

7. Exclusions

The following events are excluded from SLA calculations and do not constitute a service level failure:

• Scheduled maintenance with advance notice
• Events caused by third-party infrastructure failures outside ThreatGrid's control (internet backbone outages, cloud provider incidents, etc.)
• Service disruption caused by the client's own actions, misconfigurations, or failure to meet client obligations
• Force majeure events including natural disasters, government actions, or widespread infrastructure disruptions
• Events caused by security incidents targeting ThreatGrid's own infrastructure where ThreatGrid is also the victim

8. Service Credits

In the event that ThreatGrid fails to meet TLINK PRO platform availability commitments, clients may be eligible for a service credit equal to a prorated portion of the monthly service fee corresponding to the period of unavailability, subject to the terms of the signed service agreement. Service credits must be requested within thirty (30) days of the qualifying event and are the client's sole remedy for availability failures. Credits do not apply to response time commitments except where explicitly stated in the signed service agreement.

9. Modifications

ThreatGrid may update this published SLA from time to time. For clients operating under a signed service agreement, changes to SLA terms require written agreement between both parties. Updates to this published SLA apply to new engagements unless otherwise negotiated. Material changes will be communicated to active clients with reasonable advance notice.

10. Contact and Escalation

For service-related issues, initial contact should be made through your designated analyst or the ThreatGrid support channel established in your onboarding documentation. For escalations or SLA-related concerns, contact support@threatgrid.tech. Enterprise clients may escalate directly to their dedicated senior analyst.