Availability is 99.8% excluding maintenance windows.
Snapshot backups are done every day. Retention period is 40 days.
Maintenance windows can occur a maximum of once per week. They’re announced 3 days in advance and can take up to 4 hours. Where possible, maintenance is scheduled outside of your business hours.
Acrolinx Private Cloud always exclusively supports the newest Acrolinx releases. Some releases are exclusively provided to Acrolinx Private Cloud customers.
We classify by high, moderate, and low security risk. For high risk issue, we aim to remediate within 30 days. For medium risk issues, we aim to remediate within 90 days. For low risk issues, we don’t commit to a remediation date. These issues are worked on in the regular release cycle.
We use the severity ratings and score provided to us by Snyk and it is fully documented online here. They explain exactly how they reach the calculated CVSS score and cite their references. They do use research data from the NVD and other places along with their own proprietary research. Snyk is well established in the security industry and have gained the community’s trust in their scoring algorithms. These are some official Snyk docs on Severity levels (which is what we use to determine the severity of a CVE).