Incident Timeline & Documentation
Document incident response chronologically. Build audit-ready timeline of discovery, assessment, notifications, remediation, and resolution.
Creating Timeline
- Compliance → Incidents → [Incident] → Timeline
- Add events:
- Discovered: When detected + how
- Assessed: Severity/scope assessment
- Notified: Authority notifications (GDPR, EU AI Act)
- Remediated: Actions taken
- Resolved: Incident closed
- Post-Mortem: Root cause analysis
- For each event:
- Enter timestamp
- Add description
- Attach evidence (logs, tickets, notifications)
Timeline View
Chronological display shows:
- When each action occurred
- Who performed it
- What evidence supports it
- Time between key milestones
Example:
Mar 1 14:30 UTC - Incident discovered Evidence: PagerDuty alert
Mar 1 15:45 UTC - Scope assessed Evidence: Incident report
Mar 1 16:00 UTC - Authority notified Evidence: Email receipt
Mar 2 10:00 UTC - Remediated Evidence: Deployment log
Mar 3 09:00 UTC - ResolvedAudit Value
Timeline demonstrates:
- ✓ Timely discovery
- ✓ Quick response
- ✓ Authority compliance
- ✓ Documented remediation