Incident Management

Incident Management handles disruptions, failures, and security events affecting IT and OT infrastructure. In OT environments, incidents may affect production processes or safety systems — rapid response and full traceability are critical.

Incident lifecycle

New → Acknowledged → Investigating → Mitigation in Progress → Resolved → Closed

Optional states: Escalated, Waiting for Vendor, Waiting for Maintenance Window

Severity levels

Severity	Description	Example
Critical	Production stopped or safety risk	PLC unresponsive on production line
High	Major degradation, partial impact	SCADA server unreachable
Medium	Limited impact, workaround available	Switch port flapping
Low	Minor issue, no immediate impact	Failed backup job

Creating an incident

Go to Incidents → New Incident
Fill in the required fields:
- Title — short, descriptive
- Severity — Critical / High / Medium / Low
- Category — IT / OT / Security / Network / Safety
- Site — affected location
- Description — full context of the issue
Link affected assets — search and attach the relevant PLCs, servers, or network devices. This enables impact analysis and incident history per device.
Save. The incident is created with status New and SLA timers start.

OT-specific fields

When the category is OT or Safety, additional fields become available:

Production impact — is production affected?
Safety impact — is there a safety risk?
Operational criticality — criticality of the affected system

Linking to other records

From an incident you can:

Create a Change Request — if remediation requires infrastructure changes
Create a Problem — if this is a recurring pattern
Link a Vulnerability — if the incident relates to a known CVE
Reference Knowledge articles — attach runbooks or procedures

SLA

SLA policies are configured per tenant in Settings → SLA Policies. When an SLA breach is approaching, the incident is flagged and responsible users are notified.