Incident Management Guide
ISO Mate provides a structured incident management workflow for tracking security incidents, data breaches, system outages, and policy violations.
Creating an Incident
- Navigate to Incidents in the sidebar.
- Click Add.
- Fill in the incident details:
  - Title: A clear description of the incident
  - Category: Data Breach, Security Incident, System Outage, Policy Violation, or Other
  - Severity: Critical, High, Medium, or Low
  - Description: Detailed description of what happened
  - Detection Date: When the incident was first detected
- Click Save. The incident is created with status Open and assigned a reference number (format: INC-YYYYMMDD-XXXX).
Status Workflow
Incidents follow a defined status workflow with controlled transitions:
- Open: Can move to Investigating
- Investigating: Can move back to Open or forward to Contained
- Contained: Can move back to Investigating or forward to Resolved
- Resolved: Can move back to Investigating or forward to Closed
- Closed: Final state, no further transitions
To change status, open the incident and click the appropriate status transition button. Some transitions require additional information (e.g., resolution description when resolving).
Assigning Users
Assign users to an incident with specific roles:
- Reporter: The person who reported the incident
- Assignee: The person responsible for investigating and resolving the incident
- Stakeholder: People who need to be kept informed about the incident
An assignee is required when moving an incident to the Investigating status.
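The status workflow above is a small state machine with guarded transitions. The following is an added illustration in Python, not ISO Mate's own code: it encodes the transition table from this guide, refuses any move not in that table, requires an assignee before Investigating and a resolution description when resolving, and records each transition for the audit trail. The assumption that XXXX in the reference number is a zero-padded per-day counter is mine; the guide only states the shape of the format.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, timezone
from typing import Optional

# Allowed transitions, taken directly from the Status Workflow section.
TRANSITIONS = {
    "Open": {"Investigating"},
    "Investigating": {"Open", "Contained"},
    "Contained": {"Investigating", "Resolved"},
    "Resolved": {"Investigating", "Closed"},
    "Closed": set(),  # final state
}


class TransitionError(ValueError):
    """Raised when a status change violates the workflow or its guards."""


def make_reference(detection_date: date, sequence: int) -> str:
    # Assumed: XXXX is a zero-padded counter; the guide gives only INC-YYYYMMDD-XXXX.
    return f"INC-{detection_date:%Y%m%d}-{sequence:04d}"


@dataclass
class Incident:
    title: str
    severity: str
    status: str = "Open"
    assignee: Optional[str] = None
    resolution_description: Optional[str] = None
    root_cause: Optional[str] = None
    # (timestamp, actor, from_status, to_status) entries form the audit trail
    history: list = field(default_factory=list)

    def allowed_transitions(self) -> list:
        """Statuses reachable from the current one (what the UI would offer as buttons)."""
        return sorted(TRANSITIONS[self.status])

    def transition(self, new_status: str, actor: str, **details) -> str:
        if new_status not in TRANSITIONS[self.status]:
            raise TransitionError(f"{self.status} -> {new_status} is not allowed")
        # Guard: an assignee is required when moving to Investigating.
        if new_status == "Investigating" and not self.assignee:
            raise TransitionError("an assignee is required before Investigating")
        # Guard: resolving requires a resolution description (root cause is recorded too).
        if new_status == "Resolved":
            description = details.get("resolution_description")
            if not description:
                raise TransitionError("a resolution description is required to resolve")
            self.resolution_description = description
            self.root_cause = details.get("root_cause")
        self.history.append((datetime.now(timezone.utc), actor, self.status, new_status))
        self.status = new_status
        return self.status


if __name__ == "__main__":
    # Constructed walkthrough: open -> investigate -> contain -> resolve -> close.
    inc = Incident(title="Suspicious login from unknown device", severity="High")
    print(make_reference(date(2024, 3, 5), 7))
    inc.assignee = "bob"
    for step in ("Investigating", "Contained"):
        inc.transition(step, actor="alice")
    inc.transition("Resolved", actor="bob",
                   resolution_description="Credentials reset, session revoked",
                   root_cause="Password reuse")
    inc.transition("Closed", actor="alice")
    for entry in inc.history:
        print(entry)
```

Keeping the guards inside `transition()` rather than in the UI layer means an API client or import job cannot skip them, which is what makes the status history trustworthy as an audit record.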
Incident Notes
Add notes to an incident to document investigation progress, findings, and decisions. Notes are timestamped and attributed to the user who created them, providing a complete audit trail.
Linked Tasks
Create tasks directly from an incident to track remediation actions. Linked tasks appear on the incident detail page, and the incident tracks whether all linked tasks are completed.
GDPR Data Breach Fields
When the category is set to Data Breach, additional GDPR-specific fields become available:
- Data Subjects Affected: Number of individuals whose data was compromised
- Data Types Compromised: Types of personal data involved
- Breach Discovery Date: When the breach was discovered
- Supervisory Authority Notified: Whether the data protection authority has been notified
- Supervisory Authority Notification Date: When the authority was notified
- Data Subjects Notified: Whether affected individuals have been notified
- High Risk to Subjects: Whether the breach poses a high risk to affected individuals
ISO Mate tracks the 72-hour GDPR notification deadline from the breach discovery date and shows compliance status.
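To show what "tracks the 72-hour deadline and shows compliance status" amounts to, here is an added Python example (not ISO Mate's code) that evaluates a breach record shaped like the fields listed above. It computes the supervisory-authority deadline from the discovery date, classifies the notification as pending, overdue, compliant or late, and also lists open actions; the data-subject check is my addition based on GDPR Article 34 (individuals must be informed without undue delay when a breach is likely to pose a high risk to them), not a rule the guide states. The `breach` dictionary keys and the timestamps are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# GDPR Article 33(1): notify the supervisory authority within 72 hours of becoming aware.
NOTIFICATION_WINDOW = timedelta(hours=72)


def authority_notification_status(discovery: datetime,
                                  notified: Optional[datetime],
                                  now: datetime) -> dict:
    """Classify the Article 33 notification relative to the 72-hour deadline.

    Returns the deadline and signed hours: positive means time left (or
    margin by which the notification beat the deadline), negative means
    hours past it.
    """
    deadline = discovery + NOTIFICATION_WINDOW
    if notified is not None:
        status = "compliant" if notified <= deadline else "late"
        delta = deadline - notified
    else:
        delta = deadline - now
        status = "pending" if delta >= timedelta(0) else "overdue"
    return {"status": status, "deadline": deadline,
            "hours": round(delta.total_seconds() / 3600, 1)}


def breach_compliance(breach: dict, now: datetime) -> dict:
    """Evaluate a Data Breach record (keys assumed; they mirror the guide's field names)."""
    authority = authority_notification_status(
        breach["breach_discovery_date"],
        breach.get("supervisory_authority_notification_date")
        if breach.get("supervisory_authority_notified") else None,
        now,
    )
    open_actions = []
    if authority["status"] in ("pending", "overdue"):
        open_actions.append("notify supervisory authority")
    # Article 34 (added check): high-risk breaches require informing affected individuals.
    if breach.get("high_risk_to_subjects") and not breach.get("data_subjects_notified"):
        open_actions.append("notify affected data subjects")
    return {"authority": authority, "open_actions": open_actions}


if __name__ == "__main__":
    # Constructed sample record: discovered 2024-05-01 09:00 UTC, not yet reported.
    record = {
        "data_subjects_affected": 1200,
        "data_types_compromised": ["email", "hashed passwords"],
        "breach_discovery_date": datetime(2024, 5, 1, 9, tzinfo=timezone.utc),
        "supervisory_authority_notified": False,
        "data_subjects_notified": False,
        "high_risk_to_subjects": True,
    }
    print(breach_compliance(record, now=datetime(2024, 5, 3, 9, tzinfo=timezone.utc)))
```

The deadline anchors on the discovery date rather than the detection date because the 72-hour clock in Article 33 starts when the controller becomes aware of the breach; a report that records the two separately, as this guide's fields do, lets an auditor see both.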
Resolution
When resolving an incident, provide:
- Resolution Description: What was done to resolve the incident
- Root Cause: The underlying cause of the incident
Filtering and Searching
Filter incidents by status, severity, category, assignee, or date range. Search by title or reference number.
Exporting
Export incidents to CSV or PDF for reporting and audit documentation.