Support Process

  1. If you have a premium/enterprise support agreement and the issue is critical/severe, you should escalate to your primary or secondary contact once the issue has been logged (via the ticketing system).
  2. CheckSec Support will review and triage the issue, with responses given within the agreed support response times.
    1. Further information may be requested, such as logs files, browser debug data, etc.. 
    2. In the scenario of more complex issues, a remote debugging may be suggested (if possible). CheckSec can support Hipchat, WebEx, Skype (For Business) and Google Hangouts for remote debugging purposes.
  3. A resolution (workaround or hotfix) will be provided within the agreed response time.

A hotfix is an interim software update that is provided to address a specific issue, and does not require updating the full environment. These types of patches are usually less impacting than a full upgrade between releases.

Recording issues/bugs

All issues must first be recorded via the support ticket system. In general, the support ticket system should be used for tracking issues - forums are available for general questions, feature requests, etc. 

The support ticket system is available at: 

All Canopy related log files are stored under:


These may be requested from time to time for debugging purposes.

For user-interface specific issues, you may be requested to provide any error statements or other details from the browser. This information can be obtained in the following ways:

Support Hours

CheckSec provides support during the following times:

Support levelSupport hours
Standard09:00 - 17:00 GMT (BST), Monday to Friday
Premium/Enterprise07:00 - 19:00 GMT (BST), Monday to Friday.

Exceptional out-of-hours support may be granted to Premium/Enterprise clients for support during specific activities, such as planned upgrades. Please contact your account manager to discuss such requirements.

Critical Level 1 issues affecting our Premium/Enterprise users can be escalated via their account manager between 07:00 GMT (BST) and 21:00 GMT (BST).

Service Level Agreement

We're committed to responding to all requests in a timely manner. However, some requests are more important than others. Specifically, any critical (Level 1) and serious (Level 2) issues that affect our users ability to get their job done are given priority. The following table summarises CheckSec's service levels and response times (within the defined 'Support Hours' as stated above).


  • Level of severity: the severity of the issue, used to determine appropriate response times.
  • Description: a summary description of the severity level.
  • Characteristics: typical characteristics of an incident at a given severity level. This is for guiding purposes. CheckSec will determine the severity during triage - if it is unclear at the time of reporting.
  • First response: this is defined as the maximum amount of time it will take CheckSec to respond to your query. Note that response times are based on the severity level, and some response times may not be guaranteed.
  • Workaround/Resolution: this is the defined period for providing a suitable workaround/resolution to the issue (aka response to resolution). Workarounds and resolutions will be offered on a case by case basis, but the aim will be to ensure that Canopy can be made usable within the guaranteed workaround/resolution response time - where applicable. Temporary resolutions may be provided in the case where executing a full resolution may require a more significant amount of time.
Level of severityDescriptionCharacteristics



Level 1 - Critical

Critical business impact:

A critical issue affecting production systems that is critically impacting business operations. A large number of users impacted; no workaround procedural available.

  • Canopy is not available (due to a Canopy specific bug). By 'not available', we mean that the service is not loading/accessible (under normal circumstances), users cannot login via any of the supported authentication mechanisms or some other issue that generally prevents users logging into the system.
  • Critical functionality is not available (e.g. report generation, adding projects/phases/findings/assets)
  • Significant, unrecoverable, data loss or corruption
  • Significant number of users affected

First response:

<4 business hours


Next business day

First response:

<1 business hour


<24 hours

Level 2 - Major

Major business impact:

A major issue affecting production systems that is significantly impacting business operations. A large number of users impacted; partial/full procedural workaround available.

  • Significant performance impact under normal operating conditions
  • Important functionality not available (e.g. managing templates, methodologies)
  • Low number of users affected

First response:

<4 hours


1-2 business days

First response:

<2 hours


<24 hours

Level 3 - Minor

Minor business impact:

Issue causing a partial or non-serious loss of functionality on production system. A small number of users are affected.

  • Minor performance impact under normal operating conditions
  • Minor impact to functionality
  • Low number of users affected

First response:

Next business day.


Resolution provided 10 business days or next release (star)

First response:

Next business day


Resolution provided five business days or next release (star)

Level 4 - Negligible

Negligible business impact:

Issue occurring on production systems that has no significant operational impact (e.g. cosmetic) or has a full workaround. Also considered at this level: issues affecting non-production systems (e.g. dev/test), questions, comments, feature requests, documentation issues and any other non-impacting issue.

  • Incorrect behaviour of the application, with no significant impact on business operations (e.g. incorrectly set up templates)
  • Other requests

First response:

No guaranteed response time.


No agreed time. Issues will be rolled into planned releases.

First response:

Next business day


No agreed time. Issues will be rolled into planned releases.

(star) As agreed with the client. 

CheckSec is not responsible for operational issues affecting the hardware and operating system that Canopy is installed on. Users are expected to configure Canopy in the correct and supported way; and to ensure good 'house keeping' to maintain a stable environment for Canopy to operate within. 

Escalation (Premium/Entrprise)

For critical/major issues, once the issue has been recorded in the ticketing system, you should escalate to your primary or secondary point of contact.

Supported releases

Canopy releases are issued on an approximately 4-6 week development cycle. This may vary depending on specific objectives and customer requirements. Significant feature releases will typically be released quarterly. However, release schedules will be determined on a case by case basis, and will be based on ensuring stability and delivering what our users require in the most expedient time possible.

For critical and major issues, hot fixes will be released for all supported versions of Canopy based on the response times.

Each release of Canopy is based on an MAJOR.MINOR.PATCH release system, as explained below:

MajorA major release will mean a significant change to Canopy, which is likely to include significant changes in the systems behaviour. Major releases are linked to longer term objectives and are likely to result in breaking of backwards compatibility.
MinorA minor release will incorporate important new features. We aim to include important new features on a frequent basis (typically four times per year). However, the feature release cycle is dependent on user demands, and as such it may fluctuate. Backwards compatibility may be broken - where possible, we will try to minimise this.
PatchPatch releases contain mostly bug fixes and improvements. However, occasionally we will include minor new features. Backwards compatibility will not be affected during patch releases.

We aim to have approximately 4 feature releases per year, however, such release schedules may fluctuate due to planning and user feedback.

Maintenance on previous releases will only be guaranteed to address issues that are deemed as Critical and Major. New feature development and minor/negligible bugs and improvements will only occur on the CURRENT MAJOR.MINOR release, unless otherwise stated by CheckSec.

Premium support and releases

Official support for significant Canopy feature releases (MAJOR.MINOR) will be offered for 12 months from the release date of the next release for Premium users. For example, if you are currently on X.0.5 and X.1.0 is released today, maintenance support for release X.0 would continue for another 12 months from that point.

Standard support and releases

For our Standard users, we aim to support the current and previous release of Canopy. For transitions between MAJOR releases (e.g. from 3.x to 4.x), we will provide 6 months of support for the previous latest MAJOR.MINOR release of Canopy prior to the new MAJOR release. 

Supported configuration

Canopy can only be supported under certain conditions. The following requirements must be me in order for CheckSec to provide support for Canopy.

Operating systems

The following operating systems are supported

Operating systemVersions supported
Ubuntu (star)16.04 LTS
RedHat Enterprise Linux (RHEL)7.x
Oracle Enterprise Linux (OEL)7.x

Note: deployments on AWS are possible and have been tested using the Amazon and Canonical supported AMIs.

Database servers

The following database server versions are supported:

DatabaseVersions supported
PostgreSQL (star)9.3+
Oracle DB Server12c

Supported tools and versions (importers)

Canopy maintains support for a number of tools which our users depend on. This tool list may change from time to time, and versions are tracked as frequently as possible (in some cases, automated validation is in place, in others it is not).

For a full list of tools supported by Canopy and the latest versions supported, please see:


Supported versions of Microsoft Word (template creation)

Our template mapping plugin has been tested on the following versions of Microsoft Word (Windows only):

  • Word 2010, 2013, 2016, 365

Security vulnerabilities and disclosure policy

Our customers can use the ticketing system to record security issues. For non-customers, please feel free to email us at

We treat all serious security issues as Level 1 severities and aim to respond within 1 hour (during normal operating hours).

We are happy to work with you on disclosing security issues publicly. We aim to provide as much transparency as possible to our customers on security issues.