Sengii’s Approach to Vulnerability Testing, Patch Management, and Incident Response

Vulnerability Testing

Sengii performs regular internal and external vulnerability scans on its infrastructure and applications. Penetration testing may also be conducted, and some customers choose to contract third-party assessments and share results with our team for review and remediation. Vulnerability testing typically occurs annually, with any critical issues addressed immediately and medium-priority findings resolved collaboratively with customers to determine the best course of action. Tools such as Lighthouse are used for accessibility and compliance checks, and occasional port scans are performed to ensure there are no open vulnerabilities.

Patch Management

Sengii follows a defined process for identifying, testing, and deploying patches for all operating systems, middleware, application code, and third-party libraries (process overview). All updates are first applied in a staging environment before production deployment. High-severity issues are addressed according to Sengii’s Hosting Service Level Agreement (SLA), ensuring timely response and resolution. Versioning is tracked by date, and development changes are logged and documented by the engineering team for accountability and historical reference.

Incident Response

Sengii maintains a formal incident response plan designed to ensure rapid detection, containment, and communication. In the event of a breach or hack, all affected customers are notified immediately in accordance with legal requirements and our transparency policy. Customers receive regular updates on the incident’s status, impact, and expected resolution timeline. Once resolved, Sengii provides a detailed incident report outlining root cause, corrective actions, and preventive measures.

Our systems are continuously monitored using tools such as ServerMon and TLS 1.2 monitoring, which alert our support team to unusual activity or potential disruptions. We maintain 24/7 customer support during incidents to ensure clear communication and assistance. Backups and recovery procedures are in place to minimize downtime and data loss, and each incident triggers a review to strengthen security controls and improve response strategies.