Skip to content
Log in

Escalation criteria

Definition

The documented conditions that require an analyst to transfer an incident to a higher tier or to external stakeholders. Examples include: severity threshold breach, time elapsed without containment, involvement of executive accounts, and approaching regulatory notification deadlines.

Related terms

Contact tree
A structured list of individuals and teams to notify during an incident, showing the order of contact and the conditions under which...
Handoff package
The bundle of information an analyst prepares before transferring an incident to a higher tier. Contents include incident ID, timeline, severity, containment...
P1/P2/P3/P4 severity tiers
A common four-level severity classification used in SLA structures. P1 (Critical) carries the shortest time windows; P4 (Low) carries the longest. The...
Service-level agreement (SLA)
A policy or contractual commitment defining how quickly the SOC must perform specific actions (acknowledge, escalate, contain, resolve) for incidents of each...
SLA breach
An instance where a required action was not completed before its SLA timer expired. Each breach is recorded against the incident ticket...

Explained in

  • Escalation Procedures and SLA ManagementThe documented conditions that require an analyst to transfer an incident to a higher tier or to external stakeholders. Examples include: severity threshold br...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account