The Incidents Register allows you to log, resolve, and correct all incidents – i.e., events that have compromised the confidentiality, integrity, or availability of company information. It is an integral part of maintaining your ISO 27001 project and will give you a great overview of areas that need improvement in the future.
Accessing Incidents Register
To access the Incidents Register, do the following:
- Go to Registers and Modules;
- Click the Go To Register button in the Incidents Register module.
Filling out the Incidents Register
Before you start filling out the Incidents Register, we suggest establishing the necessary procedures for logging incidents. This can be done in the Implementation steps and the document Incident Management Procedure. This document is edited and completed like other policies and procedures in the Document Wizard.
Adding Incidents
To add the incident to the Incidents Register, click the Add New button.
Data fields with a red asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the incident.
When saved, the incident is listed in the Incidents Register as a list entry. Here you can:
- See the title of the incident;
- Delete the incident;
- Expand the incident by clicking the arrow;
- See the incident status via the color circle (with the description of the color in the left menu).
Editing Incidents
To edit incidents, do the following:
- Expand the incident by clicking the blue arrow next to the incident name;
- Click the Edit details button.
Adding Responsibilities
To add responsibilities, do the following:
- Click the Expand button in line with the Responsibilities menu;
- Classify the incident;
- Notify users of the incident;
- Assign the incident to a user;
- Click the Submit button.
After submitting the responsibilities, the incident is assigned to a chosen user. That user will be responsible for performing corrections and/or corrective actions.
Adding Corrections
To add a correction, do the following:
- Click the New task button;
- Fill in the fields in the pop-up window;
- Click the Save button.
After the correction is saved, you can see it in the list of corrections, and you can:
- See its status under Completed?;
- Delete the task;
- Edit the task;
- Create a new task.
Note: The Wrap Up Incident button is locked if the created correction (task) is not completed. You need to complete all corrections to wrap up the incident.
Creating and Adding Corrective Action
If you created corrective actions before, you can apply them by clicking the Add Existing Corrective Action button.
To create a Corrective Action for the incident, do the following:
- Click the New Corrective Action button;
- Enter the information required in the pop-up window shown;
- Click the Save button.
After the corrective action is saved, you can see it in the list of corrections, and you can:
- See its status under Completed?;
- Delete the task;
- Edit the task;
- Create a new task.
Note: The Wrap Up Incident button is locked if the created correction (task) is not completed. You need to complete all corrections to wrap up the incident.
Completing Corrections and Corrective Actions
After the corrections and corrective actions have been implemented in the company, you can complete the corrections.
To complete the corrections and corrective actions, do the following:
- Go to Tasks assigned to me under My Work;
- Click the Mark as Done button to confirm completing the task.
Resolving Incident
To resolve incidents, click the Wrap Up Incident button. When the Wrap Up Incident button is clicked, you need to answer this question: “Have all the corrections been resolved in a satisfactory way?” with Yes or No.
The YES Answer
If all the corrections have been resolved satisfactorily, select the answer Yes and click the Resolve Incident button.
The NO Answer
If not all the corrections have been resolved in a satisfactory way, select the answer No.
To resolve incidents in this situation, you can:
- Open additional corrections or corrective actions;
- Ask the person responsible for the corrective actions to do a better job.
After the improvements are done, click the Resolve Incident button and click the OK button to confirm the incident is resolved.
After clicking OK, you will see the register’s main page, and the incident’s status color is green, indicating the incident is resolved.
Frequently asked questions:
1. What constitutes a major or minor incident or data breach?
A major incident or data breach is one that has a significant impact on the business, such as a large number of people affected or critical business processes disrupted. A minor incident or data breach has less impact and can be handled by the administrative role responsible for the affected process or asset.
2. Are corrective actions needed for incident resolution, or are simple corrections enough?
Corrective actions are not needed for incident resolution. Completing a correction task will allow you to wrap up and then resolve the incident.
3. How to monitor the completion of tasks outside of Conformio?
This needs to be done by the project manager under the accepted practices in the company. Everything done outside of Conformio must then be completed in Conformio to properly resolve incidents.