Incident Reporting
Incident handling is a workflow built on the recorded decision record, not a second runtime.
Operational Use
When an organization treats a decision or system event as reportable, the existing evidence set, policy version, timestamps, and operator actions provide the base record for classification and reporting.
| Input | Why it matters |
|---|---|
| Recorded timestamps | Support deadline tracking and reconstruction of the reporting timeline. |
| Policy version | Shows the control regime in force at the time of the event. |
| Evidence references | Support root-cause analysis and report packaging. |
| Operator actions | Preserve escalation, review, and closure history. |
Minimal Workflow
1. Detect
Mark the event, attach the relevant decision records, and fix the initial time boundary.
2. Classify
Apply the organization-specific severity and reporting policy.
3. Report and close
Export the record, track deadlines, and preserve the final corrective action set.
Boundary: legal obligations, authorities, and deadlines remain organization-specific. This page describes the record structure that supports the workflow.
Use Compliance for the full regulatory mapping
Compliance owns the public description of regulatory scope and reporting posture.
Compliance