Emergency Override

Overview

Emergency Override provides an expedited approval path for critical business situations where standard approval workflows would cause unacceptable delays. This feature bypasses normal SLA timelines while maintaining strict audit requirements and requiring dual approval for accountability.

Emergency overrides are designed for genuine emergencies such as production incidents, security responses, or critical business operations that cannot wait for standard approval chains.

Key Features

  • Expedited Processing: Bypass standard SLA timelines
  • Dual Approval Requirement: Two authorized users must approve
  • Enhanced Audit Trail: Detailed logging of override justification
  • Automatic Notification: Alerts sent to security and management
  • Time-Limited: Override windows expire after a short duration
  • Post-Incident Review: Mandatory review of all overrides
  • Compliance Maintained: Full audit trail for regulatory requirements

How It Works

Emergency Override Flow

Emergency Situation Identified
            |
            v
+------------------------+
| Request Override       |
| - Justification        |
| - Business impact      |
| - Duration needed      |
+------------------------+
            |
            v
+------------------------+
| First Approver         |
| (Emergency Approver)   |
| - Review justification |
| - Approve/Deny         |
+------------------------+
            |
         Approved
            v
+------------------------+
| Second Approver        |
| (Different person)     |
| - Confirm emergency    |
| - Approve/Deny         |
+------------------------+
            |
         Approved
            v
+------------------------+
| Override Active        |
| - Action executed      |
| - Audit logged         |
| - Notifications sent   |
| - Review scheduled     |
+------------------------+

Override vs Standard Approval

Aspect          | Standard Approval | Emergency Override
----------------+-------------------+-------------------------
Approval Levels | 1-5 based on risk | Always 2 (dual)
Timeline        | Hours to days     | Minutes
Approvers       | Standard chain    | Emergency approvers only
Audit Level     | Standard          | Enhanced
Post-Review     | Optional          | Mandatory
Notification    | Approvers only    | Security + Management

Configuration

Enable Emergency Override

Emergency override is enabled per workflow:

curl -X POST "https://api.ascend.ai/api/authorization/workflow-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "risk_90_100",
    "updates": {
      "emergency_override": true
    }
  }'

Configure Emergency Approvers

Designate users who can approve emergency overrides:

curl -X POST "https://api.ascend.ai/api/users/123/permissions" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "is_emergency_approver": true,
    "max_risk_approval": "CRITICAL",
    "emergency_approval_limit": 5
  }'

Set Override Parameters

curl -X POST "https://api.ascend.ai/api/authorization/emergency-config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "override_duration_minutes": 30,
    "require_dual_approval": true,
    "notification_recipients": [
      "security-ops@company.com",
      "incident-response@company.com",
      "management@company.com"
    ],
    "post_review_required": true,
    "post_review_deadline_hours": 24
  }'

Usage Examples

Request Emergency Override

curl -X POST "https://api.ascend.ai/api/actions/123/emergency-override" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "justification": "Production database outage affecting 10,000 users. Need immediate access to restore service.",
    "business_impact": "critical",
    "incident_id": "INC-2026-0120-001",
    "estimated_duration_minutes": 30
  }'

Response:

{
  "override_request_id": "EMR-456",
  "action_id": 123,
  "status": "pending_dual_approval",
  "first_approver_required": true,
  "second_approver_required": true,
  "justification_recorded": true,
  "notifications_sent": ["security-ops@company.com", "management@company.com"],
  "expires_at": "2026-01-20T14:30:00Z"
}

First Approval

curl -X POST "https://api.ascend.ai/api/emergency-overrides/EMR-456/approve" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "approval_stage": 1,
    "comment": "Verified production incident. Emergency access justified.",
    "conditions": "Access limited to read operations only"
  }'

Second Approval (Different User)

curl -X POST "https://api.ascend.ai/api/emergency-overrides/EMR-456/approve" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "approval_stage": 2,
    "comment": "Confirmed emergency situation. Dual approval complete."
  }'

Check Override Status

curl -X GET "https://api.ascend.ai/api/emergency-overrides/EMR-456" \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "override_id": "EMR-456",
  "action_id": 123,
  "status": "active",
  "justification": "Production database outage affecting 10,000 users",
  "business_impact": "critical",
  "incident_id": "INC-2026-0120-001",
  "first_approval": {
    "approver": "security-lead@company.com",
    "approved_at": "2026-01-20T14:02:00Z",
    "comment": "Verified production incident"
  },
  "second_approval": {
    "approver": "ciso@company.com",
    "approved_at": "2026-01-20T14:05:00Z",
    "comment": "Confirmed emergency situation"
  },
  "activated_at": "2026-01-20T14:05:00Z",
  "expires_at": "2026-01-20T14:35:00Z",
  "post_review_deadline": "2026-01-21T14:05:00Z"
}

Audit Requirements

Enhanced Audit Trail

Emergency overrides capture additional information:

{
  "audit_event": "emergency_override",
  "timestamp": "2026-01-20T14:05:00Z",
  "action_id": 123,
  "override_id": "EMR-456",
  "requestor": "engineer@company.com",
  "first_approver": "security-lead@company.com",
  "second_approver": "ciso@company.com",
  "justification": "Production database outage",
  "business_impact": "critical",
  "incident_id": "INC-2026-0120-001",
  "action_details": {
    "action_type": "database_access",
    "target": "production-db-01",
    "risk_score": 95
  },
  "override_duration_minutes": 30,
  "compliance_notes": "Dual approval obtained, post-incident review scheduled"
}

Post-Incident Review

All emergency overrides require post-incident review:

curl -X POST "https://api.ascend.ai/api/emergency-overrides/EMR-456/review" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "review_outcome": "justified",
    "incident_resolution": "Database restored, root cause identified",
    "lessons_learned": "Need automated failover for database cluster",
    "preventive_actions": [
      "Implement database failover automation",
      "Add monitoring for database replication lag"
    ],
    "reviewer": "security-manager@company.com"
  }'

Dual Approval

Why Dual Approval?

Dual approval ensures:

  1. Accountability: Two people must agree the emergency is genuine
  2. Error Prevention: Reduces risk of mistaken emergency claims
  3. Compliance: Satisfies separation of duties requirements
  4. Audit Trail: Clear chain of responsibility

Dual Approval Rules

  • Two different users must approve
  • Both must be designated emergency approvers
  • Requestor cannot be an approver
  • Approvals must be within the override window

Emergency Approver Requirements

Users designated as emergency approvers must have:

  • is_emergency_approver: true
  • max_risk_approval: "CRITICAL" or "HIGH"
  • Completed emergency procedures training
  • Active status in the system
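
An independent check of the dual approval rules and approver requirements above, for auditing override records after the fact. This is an added example, not the product's own code: the function names, the `active` field, the in-memory `DIRECTORY`, and the use of the request's `expires_at` as the end of the override window are assumptions.

```python
from datetime import datetime

def parse_ts(value):
    # Timestamps on the page are ISO 8601 UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_eligible(perms):
    # "active" is an assumed field name for "Active status in the system".
    return (perms.get("is_emergency_approver") is True
            and perms.get("max_risk_approval") in ("CRITICAL", "HIGH")
            and perms.get("active") is True)

def dual_approval_violations(record, requestor, window_end, directory):
    """Return the dual-approval rules that an override record breaks."""
    stages = [record.get("first_approval"), record.get("second_approval")]
    if any(stage is None for stage in stages):
        return ["missing_approval"]
    # Compare identities case-insensitively so "A@x" and "a@x" are one user.
    names = [stage["approver"].strip().lower() for stage in stages]
    violations = []
    if names[0] == names[1]:
        violations.append("same_approver_twice")
    if requestor.strip().lower() in names:
        violations.append("requestor_is_approver")
    for name in dict.fromkeys(names):  # each distinct approver once
        if not is_eligible(directory.get(name, {})):
            violations.append("ineligible_approver:" + name)
    deadline = parse_ts(window_end)
    for stage, name in zip(stages, names):
        if parse_ts(stage["approved_at"]) > deadline:
            violations.append("approved_after_window:" + name)
    return violations

# Constructed sample data (not real accounts); field names follow the page.
DIRECTORY = {
    "security-lead@company.com": {"is_emergency_approver": True,
                                  "max_risk_approval": "CRITICAL", "active": True},
    "ciso@company.com": {"is_emergency_approver": True,
                         "max_risk_approval": "CRITICAL", "active": True},
}
WINDOW_END = "2026-01-20T14:30:00Z"  # request "expires_at"; assumed to bound approvals
GOOD = {"first_approval": {"approver": "security-lead@company.com",
                           "approved_at": "2026-01-20T14:02:00Z"},
        "second_approval": {"approver": "ciso@company.com",
                            "approved_at": "2026-01-20T14:05:00Z"}}
BAD = {"first_approval": {"approver": "Engineer@company.com",
                          "approved_at": "2026-01-20T14:02:00Z"},
       "second_approval": {"approver": "engineer@company.com",
                           "approved_at": "2026-01-20T14:40:00Z"}}
```

Calling `dual_approval_violations(BAD, "engineer@company.com", WINDOW_END, DIRECTORY)` reports every broken rule at once, which is more useful in a post-incident review than stopping at the first failure.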

Notifications

Automatic Notifications

When an emergency override is activated:

  1. Security Team: Immediate notification
  2. Management: Alert to appropriate level
  3. Incident Response: If incident ID provided
  4. Original Approvers: Informed of bypass
  5. Compliance Team: For audit awareness

Notification Content

EMERGENCY OVERRIDE ACTIVATED

Override ID: EMR-456
Action: database_access on production-db-01
Risk Score: 95
Requestor: engineer@company.com

Justification:
Production database outage affecting 10,000 users.

Approved By:
1. security-lead@company.com (14:02 UTC)
2. ciso@company.com (14:05 UTC)

Expires: 2026-01-20 14:35 UTC
Post-Review Due: 2026-01-21 14:05 UTC

Incident: INC-2026-0120-001

Best Practices

  1. Train Emergency Approvers: Ensure they understand responsibilities
  2. Define Clear Criteria: Document what constitutes a genuine emergency
  3. Limit Approvers: Keep emergency approver list small and qualified
  4. Review All Overrides: Never skip post-incident reviews
  5. Track Metrics: Monitor override frequency for abuse patterns
  6. Update Procedures: Refine emergency criteria based on reviews
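
Practices 4 and 5 can be monitored from exported audit events. The following is an added example, not part of the product: it flags overrides whose 24-hour review deadline has passed with no review and requestors who use overrides repeatedly. The 30-day window, the threshold of 3, the `REVIEWED` set and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def overdue_reviews(events, reviewed_ids, now, deadline_hours=24):
    """Override IDs past the review deadline with no review recorded."""
    limit = timedelta(hours=deadline_hours)
    return sorted(e["override_id"] for e in events
                  if e["override_id"] not in reviewed_ids
                  and parse_ts(now) - parse_ts(e["timestamp"]) > limit)

def frequent_requestors(events, window_days=30, threshold=3):
    """Requestors with at least `threshold` overrides in any rolling window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["requestor"].strip().lower()].append(parse_ts(e["timestamp"]))
    window = timedelta(days=window_days)
    flagged = {}
    for user, stamps in by_user.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= window_days.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged

# Constructed audit events; only the fields used here are included.
EVENTS = [
    {"override_id": "EMR-456", "timestamp": "2026-01-20T14:05:00Z",
     "requestor": "engineer@company.com"},
    {"override_id": "EMR-470", "timestamp": "2026-01-27T09:10:00Z",
     "requestor": "engineer@company.com"},
    {"override_id": "EMR-481", "timestamp": "2026-02-03T22:40:00Z",
     "requestor": "engineer@company.com"},
    {"override_id": "EMR-490", "timestamp": "2026-02-04T08:00:00Z",
     "requestor": "dba@company.com"},
]
REVIEWED = {"EMR-456", "EMR-470"}  # overrides with a recorded review (constructed)
```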

Compliance Considerations

Emergency overrides maintain compliance by:

  • Full Audit Trail: All actions logged with justification
  • Dual Approval: Separation of duties maintained
  • Time-Bounded: Overrides expire automatically
  • Mandatory Review: Post-incident analysis required
  • Notification: Appropriate stakeholders informed