Compliance
Incidents
Role-Specific Access
Accessibility Details for Various Roles
- General Access: All roles in vucavoid can access the Incidents feature to some extent.
-
Restricted Visibility:
- Full Visibility: Compliance Managers, Incident Managers, Response Team Members, and Incident Owners can view existing incidents in their entirety.
- Limited Access: Other roles may have restricted visibility and interaction with incidents, aligning with their specific responsibilities within the incident management process.
Overview of Incidents
Definition and Importance of Incidents
- Adverse Events: Incidents in vucavoid refer to adverse events that have already occurred, causing harm to the enterprise's scope.
- Critical Situations: Incidents often lead to time-critical situations requiring immediate attention and management.
Relationship with Findings, Risks, and Controls
-
Differentiation from Findings and Risks:
- Findings: Not necessarily linked to materialized damage but describe observed or recorded non-compliance that might lead to incidents.
- Risks: Potential damages that are likely based on findings and incidents, as well as controlled through various measures.
- Control Integration: Incidents can be tied to other elements in vucavoid, such as risks and controls, to understand and manage their impact on the organization's compliance and security posture.
Impact on Enterprise Scope
- Centralized Management: vucavoid offers a centralized platform to document and manage incidents and the organization’s response.
- Meta Model Impact Analysis: Assess the impact of incidents on various elements of the meta model by adding individual objects to an incident and evaluating their potential and actual impact.
Attributes of Incidents
Basics
- Title: Assign a concise title that encapsulates the essence of the incident.
- Summary: Provide an overview of the incident, detailing the key events and characteristics.
Incident Evaluation (main triage)
- Priority Levels: Ranging from 'Insignificant' to 'Urgent', each level described within the application for clarity.
- Severity Scale: From 'Low' to 'Critical', helping to categorize the impact level of the incident.
- PII Affected: A boolean indicator to denote if Personally Identifiable Information is involved, triggering specific response protocols.
- Affected PII Details: Specify the type and extent of PII affected, visible only if PII is impacted.
Incident Origin & Timing
- Identifier Assignment: Select any vucavoid user or register a custom identifier for incidents reported externally.
- Identification and Response Dates: Record the dates when the incident was identified and when the response was initiated and concluded.
- Reporting Channel: Choose from predefined options or specify another channel, accompanied by additional identification details.
Incident Management
-
Managing Roles:
- Owner: Assign a vucavoid user accountable for the incident.
- Response Team: List all team members involved in the incident response.
- Watchers: Read-only access to the specific incident.
Incident Parameters
- Categorization Tags: Attach relevant criteria, domains, categories, and standards, aiding in documentation and reporting.
Also, by adding assurances to the incident, tenants can create an easy overview of indicents affecting specific certifications or attestion reports (like SOC-2 or ISAE 3402).
Attachments
- Evidence Upload: Attach files as evidence or explanatory materials, adhering to file type and size specifications.
Status
- Lifecycle Management: Manually set the incident's status, choosing from five levels, each with descriptive guidance.
Incident List and Management Tools
Overview Table with Key Incident Information
- Centralized Display: The incident list in vucavoid provides a snapshot of all recorded incidents, offering key details at a glance.
- Displayed Attributes: Each incident is listed with its title, status, priority, severity, PII involvement, owner, and response initiation and conclusion dates.
Search, Filters, and Pagination
- Efficient Navigation: Utilize the search functionality to quickly find specific incidents.
- Refined Viewing: Apply various filters to sort and view incidents based on different criteria.
- Handling Large Data Sets: For extensive incident records, leverage the pagination feature to manage the display efficiently.
Statistics, TTD & TTR²
Calculation of Time Metrics for Incident Response
- New Panel in Incident Origin & Timing: Upon the creation of an incident, vucavoid introduces a dedicated panel to display crucial time-related statistics.
-
Key Metrics:
- Time to Detect (TTD): Measures the interval between the incident's identification and the initiation of the response.
- Time to Resolve (TTR): Captures the duration from the incident's identification to the conclusion of the response.
- Time to Respond (TTR²): Tracks the period between the identification of the incident and the start of the response efforts.
Adding Incident Reports
Process and Types of Incident Reports
- Chronological History: Incident reports in vucavoid are designed to document each incident comprehensively, providing a chronological record of events and decisions.
-
Two Types of Reports:
- Event Reports: Document specific occurrences related to the incident, including start and end dates, along with a detailed description.
- Decision Reports: Record significant decisions made in response to the incident, detailing the decision, the date, and the decider.
Linking Incidents to Meta Model Elements
- Impact Analysis: Assess and record the potential and actual impact of incidents on various elements of your organization's meta model.
-
Attachment Process:
- Object Selection: Attach affected elements, like legal entities or IT assets, to the incident.
- Impact Assessment: Evaluate and record the level of impact (ranging from 'Remote' to 'Threatening') and provide a rationale for each assessment.
- Owner Notification: Optionally notify the owners of affected elements via email.
As outlined above, incident report can take one of two types:
- Event
- Decision
An event reportis a straightforward documentation about
Just like with events, since time is critical during incident response, decision reports are straightforward doucmentations on who took what decision when.