Incident Management

GuardSphere

Fast, Structured, and Documented Incident Response

When a security incident hits, every minute counts. GuardSphere ensures your team has a clear system to record, escalate, and resolve incidents in a structured way.

Structured Incident Recording | Automatic Escalation & Notification | Incident Chronology Timeline

277 min

Average time to identify a security incident without a structured system

Source: IBM Cost of a Data Breach 2023

54%

Reduction in incident cost when an organisation has a tested Incident Response Plan

Source: IBM Security

70%

Of security incidents go formally unreported because there's no easy reporting mechanism

Source: Ponemon Institute

Ad-hoc Incident Handling Makes the Impact Worse

Without a structured system, security-incident handling often descends into chaos: information scattered across group chats, unclear team assignments, an undocumented timeline of events, and evidence that can be lost.

Regulations and security standards such as ISO 27001:2022 and BSSN require comprehensive incident documentation. When an auditor or regulator asks for evidence of how you handled an incident, a WhatsApp thread won't be enough.

Beyond that, without structured incident data you can't analyse threat patterns, identify systemic weaknesses, or prove the improvements you've made over time.

How GuardSphere Works

A simple, structured process your team can run right away.

01

Report the Incident

Anyone in the organisation — technical or non-technical — can report an incident or suspicious event through a simple, structured form. Every report immediately receives a unique ID and timestamp.

02

Categorise & Set Severity

The security team categorises the incident by type and assigns a severity level (Low / Medium / High / Critical). The severity determines the response SLA that must be met.

03

Escalate & Assign the Team

The system sends automatic notifications to the appropriate response team based on category and severity. An incident lead and team members are assigned with clear roles.

04

Handle & Document in Real Time

Every action taken — status updates, evidence uploads, investigation comments — is recorded automatically in a tamper-proof chronological timeline.

05

Closure & Post-Incident Review

Once an incident is resolved, the team runs a structured review: root cause analysis, lessons learned, and corrective actions to prevent similar incidents in future.

Features & Capabilities

Built to meet real operational needs — not just a checklist of features that look good in a brochure.

Structured Incident Recording

A standard form with relevant fields: incident category, severity, affected systems, event description, and initial impact. Every incident receives a unique ID and an automatic timestamp when reported.

Automatic Escalation & Notification

Configure escalation routing by incident severity and category. Automatic notifications go to the right response team by email — ensuring no incident is missed or handled by the wrong person.

Incident Chronology Timeline

Every action taken — status updates, assignments, added evidence, team comments — is stored in a tamper-proof chronological timeline. This is crucial audit evidence.

Response Team Assignment

Assign team members with specific roles to each incident: incident lead, analyst, communication PIC. Every member receives notifications and visibility of their tasks.

Evidence Management

Upload and manage incident evidence — screenshots, log files, packet captures, emails, and relevant documents — centralised in one place linked directly to the incident record.

Post-Incident Review

A standardised post-incident review template that guides the team through lessons learned: root cause analysis, remediation steps, and the control changes needed to prevent recurrence.

Reporting & Trend Analysis

An analytics dashboard shows incident statistics by category, severity, average response time, and trends over time — valuable data for the security programme and management reporting.

Compliance & Supported Standards

GuardSphere is designed to help your organisation meet the relevant control requirements and information-security standards.

A.5.24

Information Security Incident Management Planning

GuardSphere implements the required incident-management planning and procedures, including the assignment of roles and responsibilities.

A.5.25

Assessment and Decision on Information Security Events

Supports the categorisation and assessment of security events to decide whether they should be escalated as incidents.

A.5.26

Response to Information Security Incidents

A structured response workflow ensures incidents are handled according to defined, documented procedures.

A.5.27

Learning from Incidents

Post-incident review and trend analysis support the process of learning from incidents for continual improvement.

Service Level Agreement (SLA)

As an incident-management platform, GuardSphere applies a stricter availability commitment. The following SLAs apply to all Customers and form part of the mutually signed Service Agreement.

Uptime

99.9%

Monthly service availability — higher than other products given GuardSphere's role in critical incident response

Critical Incident Response

2 business hours

First response time for issues affecting the team's ability to handle security incidents

Normal Issue Response

8 business hours

First response time for support requests and general technical questions

Data Backup

Daily

Automatic daily incident-data backup, retained for a minimum of 36 months for audit needs

RTO (Recovery Time)

4 hours

Maximum time to restore service after a major incident affecting platform availability

RPO (Recovery Point)

8 hours

The most recent data point guaranteed to be recoverable in a system-failure scenario

Incident Notification

≤ 1 hour

Maximum time to notify Customers once an availability incident is identified

* All SLAs are measured monthly and apply from the subscription activation date.

Who Needs GuardSphere?

This platform is designed to address the real pain points of different roles across the organisation.

01

IT Security / SOC Team

Needs a centralised system to record and track incidents in real time, replacing unstructured spreadsheets or group chats.

02

Compliance Manager / ISO 27001 Owner

Needs comprehensive incident documentation and a complete audit trail as evidence of implementing controls A.5.24–A.5.28 for ISO 27001 auditors.

03

IT Manager / CTO

Wants visibility of all incidents in progress, team response times, and threat trends for reporting to senior management.

Frequently Asked Questions

Still have questions about GuardSphere? Reach out to our team via the contact page or the footer.

What counts as an 'incident' in the context of GuardSphere?

GuardSphere is designed to manage information-security incidents broadly — from policy violations, unauthorised access, and lost devices to malware and service incidents that affect security. Incident categories can be configured to match your company's internal policy definitions.

Can non-technical employees report incidents?

Yes. GuardSphere provides a simple, intuitive reporting form for non-technical users. Employees can report an incident or suspicious event without needing to understand security terminology — the security team then performs the assessment and categorisation.

How long is incident data retained in GuardSphere?

Incident data is retained for a period you can configure to your policy — a minimum of 3 years is recommended for ISO 27001 audit needs. Data isn't deleted automatically; deletion can only be performed by an administrator, and it is logged.

How can different teams collaborate on a single incident in GuardSphere?

GuardSphere allows flexible role assignment within a single incident — the incident lead, analyst, and communication PIC can work in parallel. Each team member receives email notifications for relevant updates, can add comments, upload evidence, and update status in real time. All activity is recorded in a tamper-proof chronological timeline.

How does GuardSphere help during an ISO 27001 certification audit?

ISO 27001 auditors will ask for evidence that security incidents are recorded and handled according to procedure. GuardSphere can export incident reports, the audit trail, and lessons-learned summaries covering the full requirements of controls A.5.24–A.5.28 in a ready-to-submit format.

Ready to Try GuardSphere?

Schedule a free demo and see firsthand how GuardSphere can simplify incident management in your organisation.