Incident Reporting for Security Events

Phase 1: Incident Detection and Reporting

1. Educate Employees

‍Regularly train employees on identifying and reporting security incidents, emphasizing the importance of immediate reporting.

Report Submission

‍Implement a secure form in Mosaico for employees to report security incidents. Ensure the form is accessible from all devices and protected to maintain confidentiality.

Phase 2: Initial Assessment and Escalation

3. Automated Notifications

‍Set up Mosaico to automatically notify relevant security personnel when a report is submitted.

4. Initial Assessment

‍Designate a team to perform an initial assessment to verify the incident and determine its severity.

Phase 3: Incident Logging and Documentation

5. Log Incident

‍Document all reported details in Mosaico, maintaining a secure and accessible log for reference and further action.

6. Evidence Preservation

‍Instruct employees through the reporting form on how to preserve any evidence related to the security incident.

Phase 4: Feedback and Follow-Up

7. Provide Feedback

‍Communicate with the reporting employee, if not anonymous, about the receipt of the report and next steps, maintaining transparency where possible.

8. Regular Updates

‍Keep all stakeholders updated on the status of the incident investigation and resolution through Mosaico.