Explore Digital resilience incident reporting
Summarize
Summary of Digital Resilience Incident Reporting
The Digital Resilience Incident Reporting module, part of the Operational Resilience Workspace, enables ServiceNow customers to efficiently log, assess, and report incident data to regulatory authorities. It automates the creation of reporting cases from major incidents, supports structured regulatory assessments, tracks report statuses, and ensures compliance with strict reporting timelines.
Show less
Key Features
- Automatic Case Creation: Reporting cases are automatically generated from critical incidents recorded in Incident Management and Security Incident Response applications based on defined criteria such as criticality, incident duration, and affected business services.
- Structured Assessment Process: Initiates regulatory reporting assessments to determine if incidents are reportable, classifying cases as Potentially Reportable, Not Reportable, or Reportable.
- Regulatory Reporting Workflows: Supports initial reporting within 24 hours, intermediate reports every three days until resolution, and final reports following incident closure, ensuring regulatory deadlines are met.
- Integration: Seamlessly integrates with Incident Management and Security Incident Response applications, allowing critical incidents to flow into the Digital Resilience Incident Reporting module automatically.
- Smart Assessment: Uses the Assessment Workspace to auto-populate responses, streamlining the evaluation process for reporting users.
- Exportable Reports: Incident reports can be exported in formats specified by regulators for further analysis or submission.
- User Task Management: The My Tasks page provides users with visibility into assigned reporting cases and action tasks, including pending items and watchlists.
Incident Classification and Workflow
Incidents are classified based on their impact on critical business services and duration. The module automatically triggers reporting cases when an incident is critical, open for over 24 hours, or manually reported. Case tasks progress through states such as Draft, In Progress, Pending Approval, and Approved, with notifications and task assignments managed accordingly.
Regulatory reporting status is tracked directly on the case form and associated regulation mappings, enabling clear visibility into reportability and compliance status. For reportable cases, sequential action tasks are generated for initial, intermediate, and final reports with defined due dates to maintain regulatory adherence.
Practical Benefits for ServiceNow Customers
- Ensures timely and compliant regulatory reporting of IT incidents affecting business resilience.
- Reduces manual workload through automation and smart assessments, improving accuracy and consistency.
- Enhances visibility into incident reporting status and user tasks to facilitate efficient case management.
- Supports regulatory requirements with structured workflows and report generation aligned to mandated timelines.
Additional Information
Roles, scripts, and tables specific to Digital Resilience Incident Reporting are documented separately, helping administrators understand the underlying components used to configure and extend this module.
The Digital resilience incident reporting module in the Operational Resilience Workspace is used to log and report incidents data to the regulators.
Key features of Digital resilience incident reporting
- Creates reporting cases automatically from major incidents reported in the Incident Management and Security Incident Response applications.
- Initiates a structured assessment process, including Regulatory reporting assessment to determine if the incident is reportable.
- Tracks the status of reports and assessments, ensuring timely submission and compliance with regulatory timelines.
- Uses automated reporting workflow to generate reports within regulatory reporting timelines:
- Regulatory reporting assessment of IT incidents
- Initial Report (within 24 hours)
- Intermediate Report (every three days until resolved)
- Final Report
- Allows users to export incident reports for further analysis in the format specified by regulatory authorities.
Integration with Incident Management or Security Incident Response
The Digital resilience incident reporting module is available in the Operational Resilience Workspace by default. If you are using the Incident Management or Security Incident Response applications, you can report critical incidents from these Workspaces into the Digital resilience incident reporting module.
Auto-populating the responses in the Assessment Workspace
For the reported DIR case task, an assessment action task is created and assigned to a DIR user. Smart assessment in the Assessment Workspace is used for auto-populating the responses to the assessment. The Assessment Workspace is available to the Digital resilience incident reporting users by default.
Incident classification
When an incident is detected, it is determined whether critical business services are affected. The following approach is followed to classify the incident.
Digital resilience incident reporting workflow
To classify major incidents, the Digital resilience incident reporting (sn_dri_inc_rptg) automatically initiates reporting cases.
- Incident Management
- The incident is classified as critical in the Service Operations Workspace.
- Incident duration: The incident has been open for more than 24 hours and it is still in the Work in progress or Analysis stage.
- The incident involves a critical business service where the business criticality value is 1.
- Security Incident Response:
- The incident is classified as critical in the SIR workspace.
- Incident duration: The incident has been open for more than 24 hours and it is still in the Work in progress or Analysis stage.
- Manual: The incident has been reported manually in the Digital resilience incident reporting module.
States of the case task
- Draft: Any DIR user can create a DIR case task and assign it to the DIR managers group. A notification is sent to the managers group to assign it to one of the managers. DIR case task can also be created automatically from the IM incidents or SIR incidents if they meet the criteria defined in the creation flow (Integration with IM or SIR)
- In progress:
- An action task is created for the DIR case task and assigned to a DIR user.
- If the DIR case task is identified as Reportable, a new action task is created for the initial report assessment with a due date of 24 hrs and is assigned to any DIR user by the DIR manager handling the case.
- After the initial report action task is completed and submitted, a new action task for the intermediate report is created with a due date as three days.
- Intermediate report assessments are generated every three days until the source incident is closed (Incident Management or Security Incident Response).
- A final report action task is created with a due date of 30 days from the closing date of the source incident.
- Pending approval and Approved: Once the reports are completed, the DIR case task is approved and closed.
Data displayed in Digital resilience incident reporting
- All incident reporting cases
- My incident reporting cases
- Unassigned incident reporting cases
My tasks
- My pending tasks
- My items
- Watchlist
Roles, Scripts, and Tables used for reporting
For information on the roles, scripts, and tables used in Roles installed with Digital resilience incident reporting, see Digital resilience incident reporting reference.