.png)
Severity levels
Overview
Some request forms include the Severity field, which lets you set different levels of damage caused by bugs or security issues. Severity levels are not related to speed, i.e., how fast your requests will be processed, though they are tied to different specialists and processes. Selecting the wrong severity level can actually prolong the resolution time because issues will bounce between various departments. If you are unsure, please select Medium and ask your client manager to adjust the level after the request evaluation.
Severity levels
Level | Description |
|---|---|
Critical | Business halted, services or products not working entirely. |
High | Significant functionality loss, some parts or services have stopped working, and the fact affects your business. |
Medium | Partial functionality degradation: A product or a service is working, but not completely. Your clients or agents can still use the core functionality. |
Low | Minor impact on business operation. It can be a text typo, wrong pictures, something not working as usual, or UX/UI glitches not affecting business directly. |
Review the conditions in the following sections to determine the appropriate severity level. If no condition matches your case, select the Low severity level.
Critical Severity
Critical status is only applied when all customers or core revenue services are completely unavailable or when regulatory or security breaches occur. This ensures the most urgent situations receive the fastest possible response.
Business Impact
Immediate and total halt of operations.
Revenue flow is interrupted across the platform.
Potential legal penalties or regulatory sanctions.
Severe reputational damage affecting major clients or public trust.
An issue is Critical if it meets any of the following measurable conditions:
# | Condition | Measurement / Threshold |
1 | The core revenue-generating service is completely unavailable to all customers | 100 % of transactions or a core function is unavailable for longer than the applicable SLA recovery threshold |
2 | Outage or failure results in continuous direct financial losses | Estimated financial loss or exposure is material in scale or regulatory consequence for our platform or any partner bank. |
3 | Breach of regulatory/compliance requirements with risk of fines or license suspension | Confirmed violation reported by the regulator or compliance team |
4 | Confidential or sensitive data is publicly exposed or compromised | Verified by security monitoring or third-party alert |
5 | No viable workaround exists for a core business function, and its failure halts critical operations or revenue generation | Alternative manual or automated paths are unavailable |
6 | Suspected regulatory or security breach with credible indicators – Treat as Critical until investigation confirms or rules out exposure | Suspicious activity flagged by security monitoring tools or credible third-party reports. |
Examples
Payment authorization is down for 100% of users for more than 10 minutes.
Card issuing/activation fails globally.
Breach of Central Bank or financial regulator requirements.
Confirmed data leak of customer personal or financial information.
Full infrastructure outage affecting all client-facing systems.
A payment processing issue (duplicate transactions/charges, etc.)
High Severity
High status is applied when a major function is severely degraded or unavailable for a large portion of customers, but core revenue services are not fully halted. These issues require urgent attention, but do not meet the thresholds for Critical.
Business Impact
Major impact on operations or revenue, but some core processes remain functional.
Customers may be unable to use important services.
High risk of escalation to Critical if unaddressed.
Possible reputational damage if prolonged.
An issue is High if it meets any of the following measurable conditions:
# | Condition | Measurement / Threshold |
1 | Significant functionality loss affecting a key service for a large user base | ≥ 30 % of customers or transactions are impacted for longer than the applicable SLA recovery threshold |
2 | Service degradation causes delayed or failed processing with notable losses | The estimated direct financial loss is significant but not business-halting |
3 | A failure that risks missing key client deliverables or SLAs | Confirmed by operations or customer success teams |
4 | A workaround exists, but it is complex or unsustainable under normal operations | Requires manual intervention or extra staff effort |
Examples
Transaction history is unavailable for all users, but payments are still processing.
SMS confirmation codes are not being sent, delaying user authentication.
An error in fee collection causes direct but limited financial loss.
A stuck transaction affecting a key enterprise client.
Moderate Severity
Moderate status is applied when a non-core service is partially degraded or unavailable, or when only a limited group of customers or processes is affected. These issues have a manageable business impact and may have a workaround available.
Business Impact
Partial functionality degradation without halting core operations.
Minor impact on revenue or reputation.
Noticeable workflow disruption, but business can continue.
Typically, no regulatory risk or widespread customer disruption.
An issue is Moderate if it meets any of the following measurable conditions:
# | Condition | Measurement / Threshold |
1 | Non-core service is down or malfunctioning | Affects < 30% of users or transactions |
2 | Impact on operations is limited and manageable | The estimated direct financial loss is limited and manageable |
3 | A workaround exists and allows core operations to proceed | Manual or alternate process available |
4 | A limited group of customers or partners is affected | Confirmed by monitoring or support reports |
Examples
Partner reports are not generating for some clients.
The Print button for a document is broken (unless printing is a core workflow for your business).
Incorrect notifications are sent (non-financial).
A UI/UX glitch occurs but does not block functionality.