Incident management
Use Incident Management to track and resolve AI-related incidents throughout their complete lifecycle. This feature enables you to log incidents in detail, analyze root causes, document mitigations, and maintain approval workflows for regulatory compliance and operational reliability.
Prerequisites
Admin or Editor role required to create, edit, or archive incidents
Viewer role can view incident details
Access to the Governance section in the sidebar
Overview
Incident Management maintains a centralized log of all AI incidents, capturing incident type, severity, reporter details, and status. The feature records impact assessments, mitigations, corrective actions, and approval workflows to provide complete traceability from detection through resolution.
Key capabilities:
Track incidents through their complete lifecycle
Document harm categories and affected persons or groups
Record immediate mitigations and planned corrective actions
Manage approval workflows with multiple approval states
Filter and search incidents using multiple criteria
Archive resolved incidents while preserving historical records
Accessing Incident Management
To access the Incident Management page:
Open the sidebar navigation
Navigate to the Governance section
Select Incident Management
The page displays status cards at the top showing incident counts by status (Open, Investigating, Mitigated, Closed), followed by filter controls and a table listing all active incidents.
Creating a new incident
To create an incident:
Click Add new incident in the upper right corner
Complete the form fields organized in four sections
Click Save incident to create the incident
The form includes required and optional fields across the following sections.
Incident information
This section captures basic incident details:
AI use case or framework (required) Select the AI project or framework where the incident occurred.
Incident type Classify the incident using one of these predefined types:
Malfunction: System not functioning as designed
Unexpected behavior: System behaving outside expected parameters
Model drift: Model performance degrading over time
Misuse: Improper or unauthorized use of the AI system
Data corruption: Data quality or integrity issues
Security breach: Unauthorized access or security compromise
Performance degradation: Reduced system performance
Severity Assess the incident severity:
Minor: Limited impact on operations or users
Serious: Significant impact on operations or small user groups
Very serious: Widespread impact or critical system effects
Status Set the current investigation status:
Open: Newly reported, awaiting investigation
Investigating: Under active analysis
Mitigated: Temporary fixes in place, monitoring ongoing
Closed: Fully resolved and documented
Occurred date (required) Enter the date when the incident occurred. The date cannot be in the future.
Detected date (required) Enter the date when the incident was first detected. This may differ from the occurred date if the incident was discovered after it happened.
Reporter (required) Select the person who reported the incident from the user list.
Model / system version Record the version number of the AI model or system where the incident occurred. This helps with reproducibility and root cause analysis.
Impact assessment
This section documents the incident's impact and affected parties.
Categories of harm (required) Select at least one category that describes the type of harm caused:
Health: Physical or mental health impacts
Safety: Safety risks or hazards
Rights: Fundamental rights violations (privacy, discrimination, etc.)
Property: Damage to physical or intellectual property
Environment: Environmental damage or risks
Affected persons / groups List the individuals, groups, or populations affected by the incident. Include relevant details such as the number of people affected or specific demographic groups.
Description (required) Provide a detailed description of what happened. Include the sequence of events, what went wrong, and the immediate observable effects.
Relationship / causality Explain the causal relationship between the AI system and the incident. Describe how the system's behavior or failure led to the incident.
Response & actions
This section documents both immediate and planned responses to the incident.
Immediate mitigations taken Describe actions taken immediately to contain or reduce the incident's impact. Include temporary fixes, system shutdowns, rollbacks, or emergency procedures implemented.
Planned corrective actions Outline the long-term corrective and preventive actions planned to address root causes and prevent recurrence. Include timelines or responsible parties if known.
Approval & reporting
This section manages the approval workflow for incident documentation.
Approval status Set the current state of the approval process:
Pending: Awaiting review and approval
Approved: Incident documentation has been reviewed and approved
Rejected: Incident documentation requires revision
Not required: Formal approval not needed for this incident
Approved by Select the person responsible for approving the incident documentation.
Approval date Record the date when approval was granted.
Approval notes / comments Add comments explaining the approval decision, required changes, or additional context.
This incident has an interim report Enable this toggle if an interim report was filed before the incident was fully resolved. Interim reports document ongoing incidents that require regulatory notification before investigation is complete.
After completing all required fields, click Save incident. The system displays a success confirmation and adds the new incident to the table.
Viewing incident details
To view an incident in read-only mode:
Locate the incident in the table
Click the View icon (eye icon) in the Actions column
The incident drawer opens on the right side of the screen in view mode, displaying all incident information organized by section. All fields are read-only in this mode. Click Close to return to the incident list.
Editing an incident
To modify an existing incident:
Locate the incident in the table
Click the Edit icon (pencil icon) in the Actions column, or click anywhere on the incident row
The edit drawer opens on the right side with all current incident data pre-filled in the form fields. The incident ID displays in the header for reference. Modify any field as needed, then click Update incident to save your changes. The system displays a success confirmation and refreshes the incident table with the updated information.
Archiving an incident
Archiving removes resolved incidents from the active list while preserving the records in the system. Archived incidents no longer appear in the table or status card counts but remain stored for audit and compliance purposes.
To archive an incident:
Locate the incident in the table
Click the Archive icon (trash icon) in the Actions column
Review the confirmation dialog that states: "You are about to archive this incident. This action cannot be undone."
Confirm the action
The incident is immediately removed from the active list. The system displays a success message confirming the archive operation. Note that archiving is permanent and cannot be reversed through the user interface.
Filtering incidents
Filters narrow the incident list to show only incidents matching specific criteria. Three filter types are available above the incident table.
Status filter
To filter by incident status:
Click the Status dropdown above the table
Select one of these options:
All statuses (default, shows all incidents)
Open
Investigating
Mitigated
Closed
The table updates immediately to display only incidents with the selected status.
Severity filter
To filter by severity level:
Click the Severity dropdown
Select one of these options:
All severities (default, shows all incidents)
Minor
Serious
Very serious
Approval status filter
To filter by approval state:
Click the Approval status dropdown
Select one of these options:
All approval statuses (default, shows all incidents)
Pending
Approved
Rejected
Not required
Combining filters
Apply multiple filters simultaneously to narrow results further. The table displays only incidents that match all selected filter criteria. For example, you can view only "Serious" incidents that are "Open" and have "Pending" approval.
Filter selections persist in the browser URL, allowing you to bookmark specific filtered views or share them with team members by copying the URL.
Searching incidents
The search function helps you locate specific incidents by keyword.
To search incidents:
Click the search field above the table
Type your search term
The search function matches your input against three fields:
Incident ID
AI project name
Reporter name
Search results update as you type, filtering the table to show only matching incidents. The search works in combination with active filters. To clear the search and view all incidents again, delete the text from the search field.
Understanding incident status cards
Four status cards appear at the top of the Incident Management page, providing a quick overview of incident distribution across lifecycle stages. Each card displays the count of active incidents in that status.
Open (yellow) Newly reported incidents awaiting investigation.
Investigating (orange) Incidents currently under active analysis.
Mitigated (green) Incidents where temporary fixes or mitigations have been implemented and are being monitored.
Closed (gray) Fully resolved and documented incidents.
Hover over any card to see a tooltip with the exact count and status name. Archived incidents are excluded from these counts to keep the dashboard focused on active work.
Working with the incident table
The incident table displays all active incidents with detailed information in each row. Understanding the table structure helps you quickly identify and act on incidents.
Table columns
Incident ID Auto-generated unique identifier for each incident. This ID is used for reference and tracking.
AI Project Name of the AI use case or framework where the incident occurred.
Type Classification of the incident (Malfunction, Unexpected behavior, Model drift, etc.).
Severity Severity level displayed as a color-coded badge (Minor, Serious, Very serious).
Status Current investigation status shown with a color-coded badge (Open, Investigating, Mitigated, Closed).
Occurred Date Date when the incident occurred, displayed in YYYY-MM-DD format.
Reporter Name of the person who reported the incident.
Approval Status Current approval state shown with a color-coded badge (Pending, Approved, Rejected, Not required).
Approved By Name of the person who approved the incident documentation.
Actions Action buttons for viewing (eye icon), editing (pencil icon), and archiving (trash icon) the incident.
Color coding
The table uses consistent color coding in badge displays to help you quickly assess incident priority and status at a glance.
Severity colors
Minor: Green background
Serious: Orange background
Very serious: Red background
Status colors
Open: Yellow background
Investigating: Orange background
Mitigated: Green background
Closed: Gray background
Approval colors
Approved: Green background
Rejected: Red background
Pending: Gray background
Not required: Gray background
Pagination
Pagination controls appear at the bottom of the table when you have more incidents than can fit on one page.
The left side shows the current range being displayed (e.g., "Showing 1 - 10 of 25 incident(s)").
The right side provides pagination controls:
Rows per page dropdown: Select 5, 10, 15, or 25 incidents per page
Page indicator: Shows the current page number and total pages (e.g., "Page 1 of 3")
Navigation arrows: Move to the previous or next page
Your rows-per-page selection is saved to browser storage and persists across sessions.
Truncated text
To maintain a clean table layout, text values longer than 30 characters are truncated with an ellipsis (...). Hover your cursor over any truncated text to see the complete value in a tooltip.
Best practices
Follow these practices to maintain high-quality incident records and effective incident management.
Incident documentation
Document promptly Record incidents as soon as possible after detection while details are fresh and evidence is available.
Be specific and clear Write descriptions that clearly explain what happened, when it occurred, and what the immediate effects were. Avoid vague language.
Include version information Always record the model or system version involved. This information is critical for reproducing issues and identifying patterns.
Document the full response Record both immediate mitigations (what you did right away) and planned corrective actions (what you'll do to prevent recurrence).
Severity assessment
Minor severity Use for incidents with limited scope affecting few users or having minimal operational impact. Examples include minor prediction errors with no harm or brief performance delays.
Serious severity Use for incidents affecting normal operations or impacting identifiable user groups. Examples include incorrect recommendations affecting decision-making or system unavailability for specific features.
Very serious severity Use for incidents with widespread impact, affecting critical systems, or causing significant harm. Examples include safety risks, major privacy breaches, or system-wide failures.
Status management
Open Set this status when first creating an incident record. Use this for newly reported incidents awaiting investigation assignment.
Investigating Update to this status when active analysis begins. Use this while conducting root cause analysis and determining appropriate responses.
Mitigated Move to this status once temporary fixes are in place and monitoring is ongoing. Use this when the immediate risk is reduced but permanent fixes are still needed.
Closed Change to this status only after complete resolution, full documentation, and verification that corrective actions are effective. Do not close incidents prematurely.
Approval workflow
Pending status Use for incidents that require formal review and approval before being considered complete. Set this as the default for serious incidents.
Not required status Use for minor incidents that don't require formal approval per your organization's policies.
Document decisions Always complete the approval notes field to explain the approval decision, required changes, or conditions for approval.
Keep approvals current Update the approval status, approver, and date promptly when decisions are made to maintain an accurate audit trail.
Troubleshooting
Common issues and their solutions.
Cannot create or edit incidents
Cause: Insufficient permissions for the operation.
Solution: Verify your user role. Only Admin and Editor roles can create, edit, or archive incidents. Viewer role has read-only access. Contact your system administrator if you need elevated permissions.
Filters not showing expected results
Cause: Multiple filters or search terms combining to exclude incidents.
Solution: Clear all filters by selecting "All statuses," "All severities," and "All approval statuses." Clear the search field. Then reapply filters one at a time to identify which filter is causing unexpected results.
Missing incident data in table
Cause: Active filters or search terms excluding the incident from view.
Solution: Check the filter dropdowns and search field. Reset all filters to their default "All" settings and clear the search field to view all active incidents. If the incident still doesn't appear, it may have been archived.
Form validation errors when saving
Cause: Required fields are missing or contain invalid data.
Solution: Review the form for fields marked with error messages. Required fields include AI use case/framework, occurred date, detected date, reporter, categories of harm, and description. Ensure occurred date is not set to a future date.
Last updated
Was this helpful?