Incident Reporting

All incidents are captured via /dashboard/incidents with a consistent taxonomy — severity, root cause, affected assets, data categories. The framework tags determine which notification clocks start.

• DORA / CSSF 24/847: 4-hour internal escalation → 24h initial → 72h intermediate → 1-month final.
• NIS2: 24h early warning → 72h notification → 1-month final report.
• GDPR Art. 33: 72h to the supervisory authority.
• CRA Art. 14: 24h early warning → 72h notification → 14-day final report via ENISA single reporting platform.

1. Tag the incident with affected frameworks.
2. OneComply schedules the deadlines and emits reminders to the response team.
3. Each deadline renders a pre-filled template (CSSF, ENISA, DPA, etc.).
4. "Mark Notified" stops the clock and records the artefact to the audit trail.