Incident management
Severity levels P1-P4, NIS2 reporting timers, DORA classification, and post-mortem
The problem
When a cybersecurity incident occurs, teams are under pressure to react quickly while meeting strict reporting deadlines. Without a structured process, notification steps are missed, evidence is poorly collected, and final reports are incomplete or late.
Our solution
Conformitly guides your teams through each step of incident management, with automatic timers for NIS2 deadlines (24h, 72h, 1 month), automatic classification according to DORA criteria, response checklists by severity level, and post-mortem templates.
Key capabilities
Severity levels P1 to P4
Incident classification into four severity levels (P1 critical to P4 minor), each with its own response procedures, escalation timelines, and tailored action checklists.
NIS2 reporting timers
Automatic countdown timers for the three NIS2 Article 23 deadlines: early warning within 24 hours, notification within 72 hours, final report within 1 month. Visual alerts and notifications as deadlines approach.
DORA classification
Automatic incident classification according to DORA criteria: number of affected clients, duration of disruption, financial losses, geographic spread, and impact on availability of critical services.
Post-mortem and lessons learned
Structured post-mortem templates including incident timeline, root cause analysis, corrective measures, lessons learned, and preventive actions. Automatic tracking of corrective action implementation.