The Core ISMS ships with an incident log — capture, classify, contain, recover, root-cause. The Incident Response module extends it for organisations whose incidents have SLAs, escalation chains, and regulatory reporting obligations.
- Per-incident SLA tracking with breach alerts
- Automation rules — auto-assignment, watchers, and comments triggered by ticket events and SLA breaches
- Response-time metrics dashboard, exportable for board reporting
- Structured incident exports for regulatory notification (NIS2, DORA reporting)
SLA timers run on a business-hours calendar and breaches land on the incident timeline, so response performance is measured from the moment an incident is logged — not reconstructed after the fact.