# Incident Management

### Logging an Incident & Creating Reports

Per DORA's technical standards, three reports must be submitted for **major ICT-related incidents.**&#x20;

{% stepper %}
{% step %}

#### **Adding an Incident**

This will log the Incident in DORAedge so that the reports can start to be created.

Whether the Incident is classified as **major** or **non-major** is determined by answering the questions in the Criticality step.&#x20;

* *After saving the Incident, the classification can be updated with a reason on the Incident's page by clicking on the classification.*
  {% endstep %}

{% step %}

#### **Report 1: Initial notification**

Where applicable, details submitted when adding the Incident are pre-filled in the Initial Notification report.
{% endstep %}

{% step %}

#### **Report 2: Intermediate**&#x20;

Where applicable, details from the Initial Notification are pre-filled in the Intermediate report.
{% endstep %}

{% step %}

#### Report 3: Final&#x20;

Where applicable, details from the prior reports (Initial notification and Intermediate) are pre-filled in the final report.&#x20;
{% endstep %}
{% endstepper %}

***

### Reporting Time Limits

DORA requires financial entities to submit Incident reports for ICT-related incidents that are categorized as major.

* **Major** incidents: the time limits for reporting are automatically set to mirror the technical standards for reporting major ICT-related incidents to Competent Authorities. &#x20;
  * Please note that Incident reports created in DORAedge must be **exported and submitted** to Competent Authorities per their specific submission guidelines within the time limit requirement.
* **Non-major** incidents: As of March 2024, DORAedge has not yet implemented suggested discretionary time limits, as non-major reports are not required to be reported to Competent Authorities/EBA.&#x20;

***

### Activity Timeline

DORAedge captures both system-generated and user-logged information related to the Incident.

* **System generated**: triggered upon logging incidents as well as creating and updating reports&#x20;
* **User-logged**: internal, freeform comments can be left in the Status Updates field &#x20;
  * This can be used for tracking offline incident activity, e.g., sending reports outside of DORAedge and submitting them to Competent Authorities&#x20;

***

### Exporting Reports

After a report is created, click **Open** to see the report details in a slide out. Click **Export Report**, and select the desired file format for the exported report per your Competent Authority's requirements.&#x20;