Reporting incidents
What is an Incident?
An incident refers to any event that may compromise the confidentiality, integrity, or availability of information systems. Examples include unauthorized access attempts, system malfunctions, or suspicious activities.
What is a Breach?
A breach occurs when there is confirmed unauthorized access to sensitive data, leading to potential data exposure. Breaches typically require immediate action and notification to affected parties.
Key Differences
Incidents: Broadly cover any security event.
Breaches: Specifically involve data compromise, often with legal implications.
Reporting an incident in Kertos
This section provides a step-by-step guide to reporting an incident using Kertos.
1. Go the "Incidents" tab in the main menu.
2. Click "Report Incident".
3. Enter the incident Title and choose the Reporter person.
4. Determine Personal Data Involvement: Indicate whether personal data is affected.
If yes, additional fields will appear to specify the type and extent of data exposure and the incident becomes a breach. Article 33 of the GDPR requires the personal data breach incident be notified immediately or at the most, within 72 hours of it’s initial detection.
5. Enter Incident Details: Provide a detailed description of the incident, including the date, time, affected systems, and any initial evidence.
6. Clarify data affected and the Information Impact - Confidentiality, Integrity, Availability + Authenticity (DORA framework only).
7. Decide on Measures to take:
- Assign Responsibility: Identify the person responsible for managing the incident
- Document the root cause and potential consequences
- Document any measures planned or undertaken so far
8. Decide on Authority Notification: If the incident is a breach involving personal data, determine if authorities need to be notified.
9. Attachments: Upload or link any necessary attachments.
10. After reviewing and submitting the incident report, you can view the incident in the "Closed" tab.