Documentation Index
Fetch the complete documentation index at: https://docs.commenda.io/llms.txt
Use this file to discover all available pages before exploring further.
Overview
This framework provides structured criteria for assessing incidents and determining appropriate response levels. Use these dimensions to classify incidents and guide decision-making.Assessment dimensions
1. Scope of impact
Determines how many customers are affected and whether the issue is isolated or systemic.1.1 Single-customer impact
Characteristics:- Only one legal entity/customer affected
- Often customer-specific configuration or integration issue
- May be reproducible for other customers if triggered the same way
- Bad address payload from specific customer
- Customer-specific registration threshold configuration error
- Customer-specific product mapping issue
- Customer-specific exemption logic error
1.2 Multi-customer partial impact
Characteristics:- Subset of customers affected
- Often tied to specific integration, jurisdiction, or feature
- Most dangerous because it looks isolated but is systemic
- Customers using specific integration (e.g., Shopify only)
- Customers in specific jurisdiction (e.g., CA sourcing rule bug)
- Customers using specific feature (MPU, marketplace logic, reverse charge)
1.3 Global impact
Characteristics:- All customers or all transactions affected
- Platform-level issue
- Immediate escalation required
- Tax engine unavailable
- Core ruleset regression
- Address resolution failure
- Rate service failure
2. Temporal nature
Determines when the issue occurred and how long it persisted.2.1 Hard downtime
Characteristics:- Tax calculation endpoint unavailable
- Timeouts/5xx errors
- Explicit fail-closed behavior
- Missed tax collection
- Missing invoice fields
- Customer operational blockage
- Highly visible to customers
2.2 Soft downtime
Characteristics:- Calculations occur but are wrong
- More dangerous than hard downtime
- Often detected late
- Zero tax applied incorrectly
- Wrong jurisdiction sourced
- Wrong rate applied
- Exempt logic misfiring
- Historical correction required
- Compliance implications
- Customer trust impact
- May affect filed returns
2.3 Intermittent/partial failures
Characteristics:- Only some transactions fail
- Retry-dependent behavior
- Time-window specific
- Hardest to detect and explain
- Difficult to reproduce
- Customer confusion
3. Financial exposure magnitude
Determines the dollar value at risk.3.1 De minimis exposure
Threshold: < $1,000 total misreported tax Characteristics:- Low volume or test transactions
- No filings impacted yet
- Minimal customer impact
3.2 Material but contained exposure
Threshold: 10,000 Characteristics:- One or two jurisdictions
- May affect filed vs. unfiled boundary
- Moderate customer impact
3.3 Material and reportable exposure
Threshold: 100,000 Characteristics:- Multiple jurisdictions
- Potential customer restatement or amended filings
- Significant customer impact
3.4 Systemic financial risk
Threshold: > $100,000 or growing without cap Characteristics:- Exposure grows with every transaction
- No natural cap
- Time-sensitive to stop propagation
4. Compliance lifecycle impact
Determines where in the tax lifecycle the error occurred.4.1 Pre-invoice
Characteristics:- Checkout failures
- Draft invoices
- Quoting flows
- No compliance filing impact yet
- Customer operational impact
- Revenue blocking
- No regulatory exposure yet
4.2 Post-invoice, pre-filing
Characteristics:- Incorrect tax on issued invoices
- Can be corrected via credit memos/re-invoicing
- Not yet reported to jurisdictions
- Customer relationship impact
- Billing corrections needed
- No regulatory exposure yet
4.3 Post-filing
Characteristics:- Returns already filed with incorrect data
- Triggers amendments, penalties, interest
- High reputational risk
- Regulatory visibility
- Potential penalties and interest
- Audit risk
- Significant remediation effort
5. Direction of error
Determines whether tax was over-collected, under-collected, or mis-sourced.5.1 Under-collection
Characteristics:- Tax not charged when it should have been
- Customer absorbs liability or must recover from end customers
- Higher customer urgency
- Customer out-of-pocket
- Customer relationship strain
- Difficult recovery from end customers
- Audit exposure
5.2 Over-collection
Characteristics:- Excess tax charged
- Refund obligations
- Customer trust issue
- Customer complaints
- Refund processing required
- Lower regulatory risk
- Reputational impact
5.3 Misclassification without immediate dollar impact
Characteristics:- Wrong tax code
- Wrong exemption tagging
- Latent risk that materializes later
- May not be immediately visible
- Audit risk
- Future compliance issues
6. Detectability and observability
Determines how the issue was discovered.6.1 Customer-reported
Characteristics:- Found via support ticket
- Often already escalated emotionally
- Customer may have already contacted their customers
- Acknowledge immediately
- Investigate urgently
- Provide frequent updates
- Escalate if needed
6.2 Internally detected (automated)
Characteristics:- Monitoring/anomaly detection
- Rate spikes, zero-tax anomalies, jurisdiction drift
- Caught before customer notices
- Investigate thoroughly before notifying customer
- Prepare complete analysis
- Proactive notification
- Demonstrate competence
6.3 Latent/discovered during filing
Characteristics:- Found weeks later
- Highest remediation cost
- Customer may be surprised
- Complete investigation first
- Prepare comprehensive remediation plan
- Emphasize that we caught it before audit
- Provide full support
7. Blast radius expansion risk
Determines whether the issue is growing or contained.7.1 Static
Characteristics:- Historical only
- No new transactions affected
- Issue is resolved
- Quantify total impact
- Execute remediation plan
- Document lessons learned
7.2 Growing
Characteristics:- Every new transaction compounds exposure
- Issue is ongoing
- Urgent containment needed
- Immediate containment
- Halt affected processes if necessary
- Fix before full remediation
- Communicate status to customers
7.3 Cascading
Characteristics:- Downstream systems affected
- Reporting, filings, ledger exports impacted
- Multiple systems need correction
- Map all affected systems
- Coordinate cross-functional response
- Prioritize containment
- Systematic remediation
8. Customer operational dependence
Determines how critical tax calculation is to customer’s business flow.8.1 Non-blocking
Characteristics:- Back-office reconciliation only
- Customer can continue operations
- Lower urgency
- Standard remediation timeline
- Regular updates
- Focus on accuracy over speed
8.2 Revenue-blocking
Characteristics:- Checkout or invoicing blocked
- Customer cannot process sales
- High urgency
- Immediate response
- Workaround if possible
- Frequent updates (hourly if needed)
- Executive involvement
8.3 Regulator-facing
Characteristics:- Real-time e-invoicing
- SAF-T reporting
- Clearance models
- Regulatory deadline risk
- Immediate escalation
- Regulatory expertise involved
- Coordinate with customer’s compliance team
- Document everything
9. Regulatory sensitivity
Determines jurisdiction-specific risk factors.High-sensitivity jurisdictions
Characteristics:- Real-time reporting requirements (e.g., Brazil, Italy, Mexico)
- High penalty severity
- Aggressive audit practices
- Short correction windows
- Brazil (NF-e)
- Italy (FatturaPA)
- Mexico (CFDI)
- California (aggressive audits)
- Involve jurisdiction specialists
- Prioritize these jurisdictions in remediation
- Extra documentation
- Consider local counsel
Moderate-sensitivity jurisdictions
Characteristics:- Standard audit practices
- Reasonable correction windows
- Moderate penalties
- Most U.S. states
- Canada
- UK
- Follow standard remediation procedures
- Document thoroughly
- Timely corrections
Low-sensitivity jurisdictions
Characteristics:- Infrequent audits
- Low penalties
- Flexible correction processes
- Standard remediation
- May prioritize other jurisdictions first
10. Internal responsibility classification
Determines accountability and response approach.Platform bug
Characteristics:- Core tax engine issue
- Affects multiple customers
- Commenda’s responsibility
- Full ownership
- Proactive notification
- Enhanced support
- Consider fee credits
Content/rules bug
Characteristics:- Tax rate or rule error
- Often jurisdiction-specific
- Commenda’s responsibility
- Full ownership
- Verify with jurisdiction
- Proactive notification
- Standard support
Integration bug
Characteristics:- Connector or API issue
- May be Commenda or third-party
- Shared responsibility
- Determine root cause
- Coordinate with third party if needed
- Proactive notification
- Standard support
Customer misconfiguration
Characteristics:- Customer setup error
- Customer’s responsibility
- Commenda provides guidance
- Educate customer
- Help correct configuration
- May charge for extensive support
- Document proper setup
Third-party dependency failure
Characteristics:- External service issue
- Outside Commenda’s control
- Shared impact
- Coordinate with third party
- Keep customer informed
- Provide workarounds if possible
- Document for SLA purposes
Decision matrix
Use this matrix to determine response level based on key factors:| Exposure | Customers | Filings | Response level | Approval needed |
|---|---|---|---|---|
| < $1K | Single | None | Low | Account manager |
| < $5K | Single | None | Moderate | Manager |
| < $5K | Multiple | None | High | Manager |
| 10K | Single | None | High | Manager |
| 10K | Multiple | None | Critical | Executive |
| 100K | Any | None | Critical | Executive |
| > $100K | Any | Any | SWAT team | Executive |
| Any | Any | Filed | +1 level | +1 level |
| Any | Revenue-blocking | Any | Critical | Executive |
Assessment checklist
Use this checklist when assessing any incident:Initial assessment (within 1 hour)
- How was issue detected?
- Is issue ongoing or resolved?
- How many customers affected?
- Estimated financial exposure?
- Are customers blocked from operations?
- Have any returns been filed?
Detailed assessment (within 4 hours)
- Exact customer list identified?
- Precise financial exposure calculated?
- Root cause identified?
- Fix verified?
- Compliance lifecycle impact determined?
- Direction of error confirmed?
- Blast radius assessed?
- Regulatory sensitivity evaluated?
- Responsibility determined?
Remediation planning (within 8 hours)
- Scenario classification determined?
- Remediation approach selected?
- Customer communications drafted?
- Approval obtained?
- Resources allocated?
- Timeline established?
Execution tracking (ongoing)
- Customers notified?
- Remediation actions in progress?
- Customer responses tracked?
- Technical corrections completed?
- Documentation maintained?
- Lessons learned captured?
Escalation triggers
Escalate immediately if any of these conditions are met:To manager
- Exposure > $5,000
- Multiple customers affected
- Customer is upset or threatening
- Unclear how to proceed
- Issue is growing
To executive team
- Exposure > $10,000
- Filed returns impacted
- Customer threatens legal action
- Media attention
- Regulatory inquiry
- Platform-wide issue
To SWAT team
- Exposure > $100,000
- Real-time reporting jurisdictions affected
- Cascading downstream effects
- Reputational risk
- Multiple executives involved
Common assessment mistakes
Underestimating scope
Mistake: Assuming issue is isolated when it’s actually systemic Prevention:- Always ask: “Could this affect other customers?”
- Check for common factors (integration, jurisdiction, feature)
- Review recent changes that could have broader impact
Overestimating urgency
Mistake: Treating every issue as critical Prevention:- Use decision matrix objectively
- Consider actual customer impact, not just dollar amount
- Distinguish between urgent and important
Delayed escalation
Mistake: Trying to handle beyond your authority level Prevention:- Escalate early when in doubt
- Use escalation triggers as guide
- Better to escalate unnecessarily than too late
Incomplete assessment
Mistake: Starting remediation before full assessment Prevention:- Complete assessment checklist
- Gather all facts first
- Don’t rush to solutions
Poor documentation
Mistake: Not documenting assessment and decisions Prevention:- Document as you go
- Record key decisions and rationale
- Maintain audit trail