# Incident Management

### Logging an Incident & Creating Reports

Per DORA's technical standards, three reports must be submitted for **major ICT-related incidents.**&#x20;

{% stepper %}
{% step %}

#### **Adding an Incident**

This will log the Incident in DORAedge so that the reports can start to be created.

Whether the Incident is classified as **major** or **non-major** is determined by answering the questions in the Criticality step.&#x20;

* *After saving the Incident, the classification can be updated with a reason on the Incident's page by clicking on the classification.*
  {% endstep %}

{% step %}

#### **Report 1: Initial notification**

Where applicable, details submitted when adding the Incident are pre-filled in the Initial Notification report.
{% endstep %}

{% step %}

#### **Report 2: Intermediate**&#x20;

Where applicable, details from the Initial Notification are pre-filled in the Intermediate report.
{% endstep %}

{% step %}

#### Report 3: Final&#x20;

Where applicable, details from the prior reports (Initial notification and Intermediate) are pre-filled in the final report.&#x20;
{% endstep %}
{% endstepper %}

***

### Reporting Time Limits

DORA requires financial entities to submit Incident reports for ICT-related incidents that are categorized as major.

* **Major** incidents: the time limits for reporting are automatically set to mirror the technical standards for reporting major ICT-related incidents to Competent Authorities. &#x20;
  * Please note that Incident reports created in DORAedge must be **exported and submitted** to Competent Authorities per their specific submission guidelines within the time limit requirement.
* **Non-major** incidents: As of April 2026, DORAedge has not yet implemented suggested discretionary time limits, as non-major reports are not required to be reported to Competent Authorities/EBA.&#x20;

***

### Activity Timeline

DORAedge captures both system-generated and user-logged information related to the Incident.

* **System generated**: triggered upon logging incidents as well as creating and updating reports&#x20;
* **User-logged**: internal, freeform comments can be left in the Status Updates field &#x20;
  * This can be used for tracking offline incident activity, e.g., sending reports outside of DORAedge and submitting them to Competent Authorities&#x20;

***

### Exporting Reports

After a report is created, click **Open** to see the report details in a slide out. Click **Export Report**, and select the desired file format for the exported report per your Competent Authority's requirements.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.doraedge.com/user-guide/incident-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.