9.2.2 Operations & Support — Support — Incident Handling — Reporting and Resolution

Incident Handling defines the process for managing unplanned disruptions that impact availability, security, or data integrity. The process emphasizes rapid detection, controlled response, and clear communication throughout the incident lifecycle.

Incident Definition

An incident is any event that degrades or threatens normal system operation.

Incident categories:

Service availability issues

Data integrity or loss events

Security incidents

Performance degradation

Events outside these categories may be handled as standard support requests.

Reporting Incidents

Incidents may be reported automatically or manually.

Reporting sources:

Automated monitoring alerts

User or administrator reports

External partner notifications

All incident reports are logged and timestamped.

Classification and Severity

Incidents are classified by severity to guide response priority.

Severity levels:

Critical

High

Medium

Low

Severity is determined by impact, scope, and urgency.

Response and Containment

Once classified, incidents are assigned to responders and containment actions begin.

Response actions:

Traffic isolation

Feature degradation or disablement

Temporary safeguards

Actions prioritize data safety and service stability.

Investigation and Resolution

Root cause analysis is performed in parallel with mitigation.

Resolution steps:

Identify root cause

Apply corrective fix

Validate system recovery

Resolution actions are documented.

Communication and Updates

Stakeholders are kept informed during incident handling.

Communication practices:

Initial incident acknowledgement

Periodic status updates

Resolution confirmation

Communication scope respects tenant isolation.

Post-Incident Review

Significant incidents undergo post-incident review.

Review outcomes:

Root cause documentation

Preventive actions

Process improvements

Reviews are tracked and auditable.

Security and Isolation

Incident handling operates within tenant boundaries. Data exposure is minimized, and all actions are logged for audit and compliance purposes.