10036 Park Cedar Drive | Charlotte, NC 28210 | Tel (704) 554-1670 | www.3plsoftware.com

Camelot Incident Response Policy

1. Purpose

The purpose of this Incident Response Policy is to define a clear and consistent framework for identifying, responding to, mitigating, and communicating incidents that may impact the Excalibur WMS platform, customer data, or third‑party integrations. 

This policy supports Camelot 3PL Software’s commitment to maintaining high standards of availability, security, reliability, and customer support.

2. Scope

This policy applies to: 

  • All Excalibur systems, infrastructure, and services managed by Camelot 3PL Software 
  • All Camelot 3PL Software employees, contractors, and authorized third-party vendors 
  • Any incident involving:  
    • Security, privacy, or data integrity risks
    • Camelot hosted solutions 
    • Client facing Excalibur web modules 

All personnel are responsible for promptly reporting suspected or confirmed incidents to support@3plsoftware.com

3. Incident Classification and Response Commitments

Incidents are classified based on business impact, scope, and urgency. Camelot business hours are Monday through Friday, 8:30am to 6:30pm Eastern Time, excluding company-recognized holidays. 

Important Note on Commitment: All incident response and notification commitment times outlined in this section are measured from the point at which Camelot has identified, confirmed, and classified an incident. Commitment times do not begin at the moment an incident first occurs, but rather when Camelot becomes aware of and validates the incident.  

P1 – Critical Incident 

Definition: 

  • Widespread service outage impacting multiple customers 
  • Complete outage of Excalibur WMS 
  • Reported or suspected security vulnerabilities or security incidents submitted by customers 

Response Commitment: 

  • Initial response within 1 hour, inside or outside of business hours (24 hours per day, 7 days per week). 

P2 – High Priority Incident 

Definition: 

  • Moderate business impact 
  • Partial loss or degradation of service where business operations can continue in a limited or impaired manner 
  • Application errors affecting multiple users but not a full system outage 

Response Commitment: 

  • Initial response within 4 hours during Camelot Business hours 

P3 – Low Priority Incident 

Definition: 

  • Minimal business impact 
  • Service is largely operational with minor issues 
  • General questions, configuration assistance, or documentation requests 

Response Commitment: 

  • Initial response within 8 Hours during Camelot Business hours 

4. Incident Response Process 

4.1 Intake and Routing 

All reported incidents are logged and routed to the appropriate support or technical team. Security related incidents are escalated immediately to the System Administration team. 

4.2 Triage 

The Support Administrator: 

  • Reviews incoming incident reports 
  • Assigns severity based on defined classification criteria 
  • Escalates suspected security incidents to a Senior System Administrator for validation and severity confirmation 

4.3 Identification and Analysis 

The Support Administrator and System Administrator collaborate to: 

  • Confirm whether an incident has occurred 
  • Document findings and preserve relevant information 
  • Review logs, alerts, and system behavior 
  • Research related incidents and potential resolutions 
  • Report findings to Camelot 3PL Software leadership as appropriate 

4.4 Containment 

The System Administrator takes appropriate steps to minimize impact, including: 

  • Limiting system access 
  • Temporarily disabling affected credentials, systems, or integrations 
  • Communicating potential service disruptions and initiating business continuity procedures if required 

4.5 Investigation and Impact Analysis 

  • Determine root cause, scope, and affected systems or data 
  • Preserve logs and evidence for forensic or compliance review 

4.6 Eradication & Recovery 

  • Remove malicious components or remediate exploited vulnerabilities  
  • Restore systems to a secure operational state  
  • Validate system functionality and data integrity  
  • Implement enhanced monitoring if needed 

4.7 Post Incident Review 

Following resolution, Camelot 3PL Software will: 

  • Conduct a post incident review 
  • Document lessons learned and corrective actions 
  • Produce an After Action Report for leadership review 
  • Update documentation, controls, or training as necessary 
  • Implement preventive measures where feasible 

Policy Review and Maintenance 

This policy is: 

  • Reviewed at least annually  
  • Updated following significant incidents or changes in client, or 3rd party vendor requirements.  
  • Approved by Camelot 3PL Software leadership