# Incident Severity Matrix

| Severity | Criteria | Examples | Required response |
| --- | --- | --- | --- |
| SEV-1 Critical | active compromise, regulated data exposure, patient safety risk, widespread outage | ransomware, PHI exfiltration, production credential leak | executive/legal bridge, immediate containment, notification analysis |
| SEV-2 High | likely unauthorized access to personal/confidential data or material service impact | stolen laptop with sensitive data, exploited vulnerability | incident commander, forensic review, customer assessment |
| SEV-3 Medium | limited exposure, attempted compromise, contained vulnerability | misdirected email, low-risk data leak | triage, remediation, documentation |
| SEV-4 Low | no data exposure, policy issue, benign test | spam report, false positive | ticket and monitor |
