Incidents

IMPORTANT: Functionality for Incident Reporting is also now contained in the Admin Module. Please see the Admin Module Overview knowledge base article for more details.

The Incident Module allows an Organization to manage the Incident Reporting/Response requirements from within The Guard.

TABLE OF CONTENTS

• Creating and Managing an Incident

Creating and Managing an Incident

Creating a New Incident 

1. Creating a New Incident

   1. Navigate to the Incidents module.

   2. Select + Add Incident.

   3. Fill in the following fields:

      • Incident Title: Provide a name for the Incident.
      • Location: Select the location affected by the Incident. (If the organization has only one location, select it.)
      • Vendor Reported: If the Incident involves a Vendor, select the Vendor from the dropdown menu. Note: The Vendor must first be created in the Vendor Module.
      • Reported By: Identify the person reporting the Incident. Reporting can also be done anonymously.
      • Incident Type: Choose a preexisting Incident Type provided by The Guard that best fits the scenario. If no suitable type exists, select “Other” and manually enter the type of Incident.
      • Incident and Discovery Date:
        • Incident Date: The date the Incident occurred.
        • Discovery Date: The date the Incident was discovered or when the Organization was made aware of it.
      • Incident Affected More than 500 Members: If the Incident impacted more than 500 individuals, check this box. Note: This may affect breach notification requirements (see policies) if unsecured PHI is involved.

   4. The Description field is optional and not required to save and create a new Incident. This field can be updated and revised continuously as the investigation progresses.
      
      

After an Incident is created selecting an incident from the table opens the Incident Details where Investigation, Notes, and Evidence fields are available to update as the investigation progresses. Additionally, by selecting + Add Task  team members can be assigned tasks to support the investigation process.

You can adjust the Incident’s Status from the Incidents module by:

• Using the checkboxes on the left-hand side and then using Bulk Actions dropdown.
• Selecting the Ellipsis (•••) on the right-hand side of an Incident.

Incident Statuses

• Not Verified: All Incidents are assigned this status by default.
• Under Investigation: Changes the status for selected Incidents to Under Investigation. This indicates that the Organization is actively investigating the Incident/Breach and making updates.
• Verified: Marks the selected Incidents as Verified. This status is a middle-ground between Under Investigation and Completed.Note: Marking an Incident as Verified does not affect the Incident itself but can help manage multiple Incidents.
• Completed

Filters can be applied to the table to view incidents by Location, Type, All Affected (500 or more) and Investigation Status.

Related articles:

Completing The Breach Determination Assessment Form

Job Aid for Analysis of Security of PHI