Quarterly Capacity Planning Procedure

Owner: Security Officer · Approved by leadership · Version 1.0 · Effective 27 May 2026 · Next review 27 May 2027

1. Purpose

This procedure defines the controlled quarterly cadence under which Glassbreak reviews the platform's capacity position against its anticipated load and against the quotas and rate limits of each sub-processor. It produces a dated record with any committed remediation that an auditor can sample.

The procedure operationalises the availability commitments in section 3.3 of the Information Security Policy and the recovery objectives in the Business Continuity & Disaster Recovery Plan by ensuring that capacity does not silently become a constraint.

2. Scope

The review covers:

Each production compute stack (AWS Lambda in us-east-1, Scaleway Functions in fr-par, and any future stack).
Database storage, connection counts, and query throughput per vertical.
The CDN and edge surface fronting the platform.
Observability, logging, and alerting pipelines.
Each current sub-processor whose service exposes quotas, rate limits, or pricing tiers that Glassbreak can saturate (see /legal/sub-processors).
Background jobs, scheduled tasks, and the DR scenario suite's nightly compute footprint.

3. Ownership

Accountable owner — the Security Officer runs the review and signs the record.
Engineering input — engineering provides the traffic data, the error-budget burn report, the quota-utilisation report, and the technical assessment of any headroom risk.

4. Cadence

One review per calendar quarter, scheduled in the second half of the closing month of the quarter and completed within a +/- 14-day window of the target date.
A missed quarterly review is itself a finding and is recorded as such on the next run.
An interim review is triggered by sustained breach of any SLO error budget, by exhaustion of a sub-processor quota, or by a material change in anticipated load (for example, a contracted customer onboarding that exceeds the current headroom).

5. Inputs

5.1 Traffic trend

Request volume per surface (public, authenticated, administrative) for the period under review and the rolling 12-month series.
Storage growth per vertical for the same series.
The peak-to-mean ratio observed in the period, used to size for expected peaks rather than the mean.

5.2 Error-budget burn

The 5xx rate, p95 latency, and apex-probe SLOs and their associated error budgets for the period.
Time-windowed burn against each error budget.
Incidents in the period that contributed to burn, cross-referenced to the incident register.

5.3 Sub-processor quota utilisation

For each sub-processor with a quota or rate limit, the headroom remaining relative to current utilisation.
Any sub-processor that issued a notice of quota, pricing, or service-tier change in the period.

6. Procedure

Engineering compiles the inputs from §5 into a read-ahead pack and circulates it at least 3 business days before the review.
The review assesses each input against the headroom target for that surface or sub-processor and identifies any constraint at risk.
For each identified constraint, the review records the chosen remediation: increase, redistribute, defer demand, accept with rationale, or escalate.
Each remediation is assigned an owner and a closure deadline under the Remediation SLA procedure.
The Security Officer signs the completed record.
The signed record is filed in the compliance evidence store and indexed by review date.

7. Template

Each quarterly capacity review produces a single record with the following structure. This template is the artefact that an auditor may sample.

Header — review identifier, quarter covered, target date, actual date, Security Officer.
Traffic trend — table of request volume, storage growth, and peak-to-mean ratio for each in-scope surface.
Error-budget burn — table of each SLO, its budget, burn for the period, and contributing incidents.
Sub-processor quota utilisation — table of each in-scope sub-processor with headroom and any pending change notices.
Constraints — numbered list of constraints identified, with severity, remediation chosen, owner, deadline.
Carry-over — status of constraints identified at the previous review.
Sign-off — Security Officer signature and date.

8. First instance

The inaugural quarterly capacity planning review was completed on the effective date of this procedure (27 May 2026). It captured the baseline traffic-trend, error-budget-burn, and sub-processor-quota-utilisation positions across the in-scope surfaces. The signed record is held in the compliance evidence store and available under NDA.

9. Records

Signed records are retained for at least 5 years.
The underlying traffic, SLO, and quota data is retained in the observability stack for at least 13 months so the next year-over-year review can refer back to it.
Open remediations remain tracked under the Remediation SLA procedure until closure.

10. Review of this procedure

This procedure is reviewed at least annually and after any material change to the platform topology, the SLO set, or the sub-processor list. The next scheduled review is 27 May 2027.

11. Related documents

Counter-signed PDF copy available on request to compliance@glassbreak.io.