Incidents Register

Updated on October 13, 2023

The Incidents Register allows you to log, resolve, and correct all the incidents – i.e., events that have compromised the company information’s confidentiality, integrity, or availability. It is an integral part of the maintenance of your ISO 27001 project and will give you a great overview of areas that need improvement in the future.

Accessing Incidents Register

To access the Incidents Register, do the following:

  1. Go to Registers and Modules;
  2. Click the Go To Register button in the Incidents Register module.

Incidents Register - Advisera Help Center

Filling out the Incidents Register

Before you start filling out the Incidents Register, we suggest establishing the necessary procedures for logging incidents. This can be done in the Implementation steps and the document Incident Management Procedure. This document is edited and completed like other policies and procedures in the Document Wizard.

Incidents Register - Advisera Help Center

Adding Incidents

To add the incident to the Incidents Register, click the Add New button.

Incidents Register - Advisera Help Center

Data fields with a red asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the incident.

Incidents Register - Advisera Help Center

When saved, the incident is listed in the Incidents Register as a list entry. Here you can:

  • See the title of the incident;
  • Delete the incident;
  • Expand the incident by clicking the arrow;
  • See the incident status via the color circle (with the description of the color in the left menu).

Incidents Register - Advisera Help Center

Editing Incidents

To edit incidents, do the following:

  1. Expand the incident by clicking the blue arrow next to the incident name;
  2. Click the Edit details button.

Incidents Register - Advisera Help Center

Adding Responsibilities

To add responsibilities, do the following:

  1. Click the Expand button in line with the Responsibilities menu;
  2. Classify the incident;
  3. Notify users of the incident;
  4. Assign the incident to a user;
  5. Click the Submit button.

Incidents Register - Advisera Help Center

After submitting the responsibilities, the incident is assigned to a chosen user. That user will be responsible for performing corrections and/or corrective actions.

Incidents Register - Advisera Help Center

Adding Corrections

To add a correction, do the following:

  1. Click the New task button;
  2. Input the field from the pop-up window;
  3. Click the Save button.

Incidents Register - Advisera Help Center

After the correction is saved, you can see it in the list of corrections, and you can:

  • See its status under Completed?;
  • Delete the task;
  • Edit the task;
  • Create a new task.

Note: The Wrap Up Incident button is locked if the created correction (task) is not completed. You need to complete all corrections to wrap up the incident.

Incidents Register - Advisera Help Center

Creating and Adding Corrective Action

If you created corrective actions before, you can apply them by clicking the Add Existing Corrective Action.

To create a Corrective Action for the incident, do the following:

  1. Click the New Corrective Action button;
  2. Enter the information required in the pop-up window shown;
  3. Click the Save button.

Incidents Register - Advisera Help Center

After the corrective action is saved, you can see it in the list of corrections, and you can:

  • See its status under Completed?;
  • Delete the task;
  • Edit the task;
  • Create a new task.

Note: The Wrap Up Incident button is locked if the created correction (task) is not completed. You need to complete all corrections to wrap up the incident.

Incidents Register - Advisera Help Center

Completing Corrections and Corrective Actions

After the corrections and corrective actions have been implemented in the company, you can complete the corrections.

To complete the corrections and corrective actions, do the following:

  1. Go to Tasks assigned to me under My Work;
  2. Click the Mark as Done button to confirm completing the task.

Incidents Register - Advisera Help Center

Incidents Register - Advisera Help Center

Resolving Incident

To resolve incidents, click the Wrap Up Incident button. When the Wrap Up Incident button is clicked, you need to answer this question: “Have all the corrections been resolved in a satisfactory way?” with Yes or No.

The YES Answer

If all the corrections have been resolved satisfactorily, select the answer Yes and click the Resolve Incident button.

Incidents Register - Advisera Help Center

The NO Answer

If all the corrections have not been resolved in a satisfactory way, select the answer No.

To resolve incidents in this situation, you can:

  1. Open additional corrections or corrective actions;
  2. Ask the person responsible for the corrective actions to do a better job.

Incidents Register - Advisera Help Center

After the improvements are done, click the Resolve Incident button and click the OK button to confirm the incident is resolved.

Incidents Register - Advisera Help Center

After clicking OK, you will see the register’s main page, and the incident’s status color is green, indicating the incident is resolved.

Incidents Register - Advisera Help Center

Frequently asked questions:

1. What constitutes a major or minor incident or data breach?

A major incident or data breach is one that has a significant impact on the business, such as a large number of people affected or critical business processes disrupted. A minor incident or data breach has less impact and can be handled by the administrative role responsible for the affected process or asset.

2. Are corrective actions needed for incident resolution, or are simple corrections enough?

Corrective actions are not needed for incident resolution. Completing a correction task will allow you to wrap up and then resolve the incident.

3. How to monitor the completion of tasks outside of Conformio?

This needs to be done by the project manager under the accepted practices in the company. Everything done outside of Conformio must then be completed in Conformio to properly resolve incidents.

Was this article helpful?