Creating & Reviewing Incidents
Documenting and responding to risks is a core component of compliance with standards such as ISO 27001 and SOC 2. The OneClickComply platform allows you to collate all of the incidents that have occurred within your business, and document them in one central place. Let's have a look an example incident on the main Incident Management screen:
There are filters for Severity as well as Resolution Status to help locate specific tasks. Selecting Review on the above incident brings up the following page:
As shown above, the incident is broken down into different categories:
Name: The name of the incident using the year, month, and day of the event.
Approval State: Indicates whether the task details have been approved.
Incident Type: Used to briefly outline the details of the incident. Other examples could include other types of digital threats such as DDoS attacks, or physical incidents such as trespassing.
Detection Date: A timestamp of when the incident arose
Severity: A category to show the impact the incident had on business operations. The categories are: Low, Medium, High, and Critical.
Response Plan: A record of the steps to respond to the incident. For example, a phishing attempt can be responded to by quarantining the targeted inbox, blacklisting the sender, and updating associated playbooks.
Record ID: A unique ID that can either be used internally by your business, or by a member of the OneClickComply team if you experience an issue with this specific incident record.
Linked Risks: This area can be used to link incidents to risks already outlined in your Risk Register. This allows businesses to demonstrate that mitigation or avoidance strategies within their Risk Register are effective.
Files: Any files associated with this incident can also be uploaded, such as a transcript of the event, a screenshot of a phishing email, or any other record that are relevant to the incident, or may help with future threats.
Now that we've learnt how to review incidents, we can now document them whenever they occur.
In order to create an incident, you will need to select the Create Incident button, located at the right hand side of the Incident Management page. See below:
Once selected, you will then be prompted to detail the incident using the same categories as detailed previously. Once all of the details are added, click Submit. This will then create the incident and place it into the** Pending Approval state.
In order to approve the incident, click Review and then Update, then set the resolution status to Approved.
There are filters for Severity as well as Resolution Status to help locate specific tasks. Selecting Review on the above incident brings up the following page:
As shown above, the incident is broken down into different categories:
Name: The name of the incident using the year, month, and day of the event.
Approval State: Indicates whether the task details have been approved.
Incident Type: Used to briefly outline the details of the incident. Other examples could include other types of digital threats such as DDoS attacks, or physical incidents such as trespassing.
Detection Date: A timestamp of when the incident arose
Severity: A category to show the impact the incident had on business operations. The categories are: Low, Medium, High, and Critical.
Response Plan: A record of the steps to respond to the incident. For example, a phishing attempt can be responded to by quarantining the targeted inbox, blacklisting the sender, and updating associated playbooks.
Record ID: A unique ID that can either be used internally by your business, or by a member of the OneClickComply team if you experience an issue with this specific incident record.
Linked Risks: This area can be used to link incidents to risks already outlined in your Risk Register. This allows businesses to demonstrate that mitigation or avoidance strategies within their Risk Register are effective.
Files: Any files associated with this incident can also be uploaded, such as a transcript of the event, a screenshot of a phishing email, or any other record that are relevant to the incident, or may help with future threats.
Creating an incident
Now that we've learnt how to review incidents, we can now document them whenever they occur.
In order to create an incident, you will need to select the Create Incident button, located at the right hand side of the Incident Management page. See below:
Once selected, you will then be prompted to detail the incident using the same categories as detailed previously. Once all of the details are added, click Submit. This will then create the incident and place it into the** Pending Approval state.
In order to approve the incident, click Review and then Update, then set the resolution status to Approved.
Updated on: 20/02/2025
Thank you!