Reporting incidents or security incidents for multiple regulations

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Reporting incidents or security incidents for multiple regulations

    The Digital Resilience Incident Reporting application enables ServiceNow customers to report IT incidents or security incidents across multiple regulations and legal entities efficiently. It automates critical aspects of reporting, including task management, data migration, duplicate prevention, and reporting accuracy, helping organizations meet regulatory timelines and compliance requirements.

    Show full answer Show less

    Key Features

    • Automated Reporting Workflow: From release 21.1.1, the application automates the generation of reports within regulatory timelines, including the Initial Report (within 24 hours), Intermediate Reports (every three days), and the Final Report. These reports are generated in Microsoft Word format as required by regulators.
    • Case Creation by Adding Entities: Adding legal entities or other regulatory targets to an incident automatically triggers the creation of a corresponding Digital Resilience Incident Reporting (DIR) case. This is facilitated by prebuilt flows that link entities to incident cases in the system, streamlining the reporting process for multiple regulations.
    • Sequence of Action Tasks: The DIR process is driven by configurable templates that automatically create and sequence action tasks. For example:
      • The initial action task, such as "Regulatory reporting assessment of IT incidents," is created when a DIR case is initiated.
      • The "DRI Initial report" task is generated when a regulation’s reporting status changes to "Reportable."
      • Intermediate reports are created every three days if the initial report remains open, continuing until the case or source incident is closed or canceled.
      • The final report task is automatically created when the source incident closes, with a 30-day due date.
      These templates can be customized by administrators to create additional tasks or modify the sequence to align with organizational and regulatory needs.

    Practical Application for ServiceNow Customers

    By leveraging the automated workflows and task sequencing in Digital Resilience Incident Reporting, customers can ensure compliance with multiple regulatory frameworks while minimizing manual effort. The system’s ability to automatically create cases and generate required reports expedites incident management and provides a clear audit trail for regulatory authorities.

    Administrators have flexibility to configure templates, map regulations to entities, and tailor action task workflows to meet specific organizational policies and regulatory requirements. This supports efficient, accurate, and timely incident reporting across multiple legal entities and jurisdictions.

    You can now report incidents or security incidents for multiple regulations for various legal entities in Digital resilience incident reporting. The application streamlines operations by automating tasks, migrating data, helping to prevent duplicates, and verifying accurate reporting.

    Automated reporting workflow

    Starting with Digital resilience incident reporting, release 21.1.1, the application uses an automated reporting workflow to generate reports within regulatory reporting timelines:
    • Regulatory reporting assessment of IT incidents
    • Initial Report (within 24 hours)
    • Intermediate Report (every three days until resolved)
    • Final Report

    You can complete these tasks and generate reports in Microsoft Word format, as required by regulatory authorities for analysis.

    Case creation by adding entities

    Digital resilience incident reporting is used for incident reporting and assessment for legal entities or other objectives according to regulations. You can now add entities to an incident, which automatically create a Digital resilience incident reporting case.

    For information on setting up the entities, see Set up entities for the targets.

    Sequence of action tasks

    The sequence of action tasks in the Digital Resilience Incident Reporting (DIR) process, as outlined in the document "Digital resilience incident reporting for multiple regulations," is primarily driven by template configurations. Here's an overview of how action tasks are created and sequenced:

    Action task creation and sequence are explained:

    1. Initial action task creation: When a DIR case is created (triggered by sources like incidents), the system automatically generates action tasks. For example, the template shown creates the 'Regulatory reporting assessment of IT incidents' action task.
    2. Template configuration: Templates are configured to create specific action tasks. For example, the 'DRI Initial report' template, which runs only once, automatically creates the 'DRI Initial report' action task when the regulation’s reporting status changes to 'Reportable.' Administrators can then update its name, due date, and termination conditions.
    3. Closure of action tasks:

      When the 'DRI Initial report' is closed, the 'DRI Intermediate report' action task is created. If the 'DRI Initial report' task remains open, the system creates the 'DRI Intermediate report' action task every three days until the DIR case is closed or canceled, or the source incident is closed.

    4. Closure of incident: When the source incident or security incident is closed, the “DRI Final report” action task is created, with a due date of 30 days.
    5. Automated action task generation: These template configurations enable automatic creation of action tasks, as previously demonstrated. as administrators, you can create multiple action tasks and tailor their sequence to meet your organizational requirements and applicable regulations.
    6. Completion of action tasks: Action tasks are completed according to the conditions defined in their templates, promoting efficient process management and required task completion.
      Note:
      As administrators, you can customize the configurations available with the base version or add additional action tasks as needed.

    For information on mapping regulations and setting up action task templates, see Map regulations to the entities and Set up action task templates in Regulatory agency profile.

    For information on completing action tasks, refer to Complete action tasks and report incidents associated with regulations.