Efficient incident management is crucial for maintaining data integrity and complying with privacy regulations. The Kertos platform simplifies the process of reporting and assessing incidents, allowing organizations to respond promptly and effectively. This article guides you through the steps of reporting an incident on Kertos and highlights the differences between incidents and breaches.
Understanding Incidents and Breaches
What is an Incident?
An incident refers to any event that may compromise the confidentiality, integrity, or availability of information systems. Examples include unauthorized access attempts, system malfunctions, or suspicious activities.
What is a Breach?
A breach occurs when there is confirmed unauthorized access to sensitive data, leading to potential data exposure. Breaches typically require immediate action and notification to affected parties.
Key Differences
Incidents: Broadly cover any security event.
Breaches: Specifically involve data compromise, often with legal implications.
Reporting an Incident in Kertos
This section provides a step-by-step guide to reporting an incident using the Kertos platform, with supporting screenshots.
Filling out the Incident Report form
Log into Kertos Hub: Navigate to the Kertos dashboard.
Select the "Incidents" tab from the main menu.
Click "Report Incident": This opens the incident reporting form.
Enter Incident Details: Provide a detailed description of the incident, including the date, time, affected systems, and any initial evidence.
Determine Personal Data Involvement: Indicate whether personal data is affected.
If No: Fill out Incident Details and Data Affected
If yes, additional fields will appear to specify the type and extent of data exposure. Article 33 of the GDPR requires the personal data breach incident be notified immediately or at the most, within 72 hours of it’s initial detection.
Article 33 of the GDPR requires the personal data breach incident be notified immediately or at the most, within 72 hours of it’s initial detection.
Clarify data affected and the Information Impact.
You can also press save at any time in order to safe your Incident report. All saved incidents are found in the open tab.
Deciding on Measures to take
Assign Responsibility: Identify the person responsible for managing the incident.
Identify Root Causes and Potential Consequences: Document the root cause, potential consequences, and any measures planned or undertaken.
Decide on Authority Notification: If the incident is a breach involving personal data, determine if authorities need to be notified.
Submitting the Incident Report
Review and Submit: Ensure all required fields are complete before submitting the report.
Post-Submission: After submission, you can view the incident in the "Closed" tab.
Encourage your team to become familiar with Kertos's incident management features. Explore related resources and training materials for further learning.