Security Incidents

Proper incident handling separates mature security programs from reactive ones. Infopol provides structured workflows to ensure incidents are documented, investigated, and resolved with complete audit trails.

When to Report an Incident

Report any event that could impact confidentiality, integrity, or availability of your systems or data:

• Security breaches: Unauthorized access, data leaks, compromised credentials
• System failures: Outages affecting business operations or data processing
• Policy violations: Employee actions that breach security policies
• Near misses: Events that could have caused harm but didn't
• Suspicious activity: Potential security threats requiring investigation

The earlier you document an incident, the better your response will be. Don't wait for confirmation—report suspected incidents immediately.

[Screenshot: New Incident Form] Shows: Incident creation dialog with title, description, severity, and affected assets fields

Creating an Incident Report

1. Click New Incident from the Incidents page

   • Provide a clear, concise title describing the incident
   • Select severity level (Low, Medium, High, Critical)

2. Document what happened in the description field

   • Include timeline of when the incident was first detected
   • Note who reported it and what systems are affected
   • Add any immediate actions already taken

3. Link affected entities to the incident

   • Connect related assets (servers, applications, data stores)
   • Link involved vendors if third-parties are impacted
   • Associate risks that materialized
   • Tag relevant controls that failed or need review

[Screenshot: Incident List] Shows: Table view of all incidents with status, severity, assignee, and dates

Incident Workflow

Incidents progress through defined states:

• New: Just reported, awaiting initial assessment
• In Progress: Under investigation or being remediated
• Resolved: Immediate threat addressed, incident contained
• Report Completed: Final documentation and lessons learned captured

Each status change is automatically timestamped, creating an audit-ready incident timeline.

Tracking and Updates

Monitor active incidents from the Incidents dashboard:

• View all open incidents sorted by severity and age
• Add updates as investigation progresses (all logged with timestamps)
• Attach evidence files to support the investigation
• Assign incidents to team members for resolution

[Screenshot: Incident Detail] Shows: Full incident view with timeline, updates, linked entities, and evidence attachments

Integration with Controls

After resolving an incident, link it to controls for traceability:

• Document which controls failed or were missing
• Create tasks to implement corrective controls
• Update control descriptions to reference incident learnings
• Track how controls prevented similar incidents

This creates a closed loop between incidents and your compliance program, demonstrating continuous improvement to auditors.

Next Steps

• Set up crisis team alerts for high-severity incidents
• Learn investigation documentation practices
• Review lessons learned process