Explore Digital resilience incident reporting

  • Release version: Yokohama
  • Updated July 31, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Digital Resilience Incident Reporting

    The Digital Resilience Incident Reporting module within the Operational Resilience Workspace enables users to log and report incidents to regulatory authorities efficiently. It automates the creation of reporting cases from significant incidents detected in Incident Management and Security Incident Response applications, ensuring compliance with regulatory timelines.

    Show full answer Show less

    Key Features

    • Automated Reporting Cases: Automatically generates reporting cases from major incidents.
    • Structured Assessment Process: Initiates a regulatory reporting assessment to determine if an incident must be reported.
    • Status Tracking: Monitors the status of reports and assessments for timely submission.
    • Automated Reporting Workflow: Generates reports, including Initial, Intermediate, and Final Reports, within specified timelines.
    • Export Functionality: Allows users to export incident reports in formats required by regulatory authorities.
    • Integration: Integrates with Incident Management and Security Incident Response for streamlined reporting.

    Key Outcomes

    By utilizing the Digital Resilience Incident Reporting module, customers can ensure that critical incidents are reported efficiently and accurately. The automated workflows and structured assessments enhance compliance with regulatory requirements, reducing the risk of oversight. This functionality ultimately supports better management of operational resilience, enabling organizations to maintain service continuity and meet regulatory obligations effectively.

    The Digital resilience incident reporting module in the Operational Resilience Workspace is used to log and report incidents data to the regulators.

    Key features of Digital resilience incident reporting

    The Digital resilience incident reporting application module in the Operational Resilience Workspace offers the following key features.
    • Creates reporting cases automatically from major incidents reported in the Incident Management and Security Incident Response applications.
    • Initiates a structured assessment process, including Regulatory reporting assessment to determine if the incident is reportable.
    • Tracks the status of reports and assessments, ensuring timely submission and compliance with regulatory timelines.
    • Uses automated reporting workflow to generate reports within regulatory reporting timelines:
      • Regulatory reporting assessment of IT incidents
      • Initial Report (within 24 hours)
      • Intermediate Report (every three days until resolved)
      • Final Report
    • Allows users to export incident reports for further analysis in the format specified by regulatory authorities.

    Integration with Incident Management or Security Incident Response

    The Digital resilience incident reporting module is available in the Operational Resilience Workspace by default. If you are using the Incident Management or Security Incident Response applications, you can report critical incidents from these Workspaces into the Digital resilience incident reporting module.

    Auto-populating the responses in the Assessment Workspace

    For the reported DIR case task, an assessment action task is created and assigned to a DIR user. Smart assessment in the Assessment Workspace is used for auto-populating the responses to the assessment. The Assessment Workspace is available to the Digital resilience incident reporting users by default.

    Incident classification

    When an incident is detected, it is determined whether critical business services are affected. The following approach is followed to classify the incident.

    Classification approach.

    Digital resilience incident reporting workflow

    To classify major incidents, the Digital resilience incident reporting (sn_dri_inc_rptg) automatically initiates reporting cases.

    Reporting cases are triggered and reported in Digital resilience incident reporting by using one of the following conditions:
    1. Incident Management
      • The incident is classified as critical in the Service Operations Workspace.
      • Incident duration: The incident has been open for more than 24 hours and it is still in the Work in progress or Analysis stage.
      • The incident involves a critical business service where the business criticality value is 1.
    2. Security Incident Response:
      • The incident is classified as critical in the SIR workspace.
      • Incident duration: The incident has been open for more than 24 hours and it is still in the Work in progress or Analysis stage.
    3. Manual: The incident has been reported manually in the Digital resilience incident reporting module.

    States of the case task

    1. Draft: Any DIR user can create a DIR case task and assign it to the DIR managers group. A notification is sent to the managers group to assign it to one of the managers. DIR case task can also be created automatically from the IM incidents or SIR incidents if they meet the criteria defined in the creation flow (Integration with IM or SIR)
    2. In progress:
      1. An action task is created for the DIR case task and assigned to a DIR user. The breach status of the DIR case task is updated based on the response.
      2. The DIR case task is classified as Parked for Monitoring, Not Reportable, or Reportable based on the assessment response. If it is initially marked as Parked for Monitoring, further updates on the source incident can lead to additional assessments, which may change the status to Reportable if the impacts or breach status warrant it.
      3. If the DIR case task is identified as Reportable, a new action task is created for the initial report assessment with a due date of 24 hrs and is assigned to any DIR user by the DIR manager handling the case.
      4. After the initial report action task is completed and submitted, a new action task for the intermediate report is created with a due date as three days.
      5. Intermediate report assessments are generated every three days until the source incident is closed (Incident Management or Security Incident Response).
      6. A final report action task is created with a due date of 30 days from the closing date of the source incident.
    3. Pending approval and Approved: Once the reports are completed, the DIR case task is approved and closed.

    Data displayed in Digital resilience incident reporting

    The Digital resilience incident reporting modules display the following data on the reporting cases:
    • All incident reporting cases
    • My incident reporting cases
    • Unassigned incident reporting cases

    My tasks

    The My tasks page in the Operational Resilience Workspace displays all the reporting cases and action tasks that have been assigned to the signed-in user. This section includes the following information for the signed-in user:
    • My pending tasks
    • My items
    • Watchlist

    Roles, Scripts, and Tables used for reporting

    For information on the roles, scripts, and tables used in Roles installed with Digital resilience incident reporting, see Digital resilience incident reporting reference.