Incident Management
GuardSphere
Fast, Structured, and Documented Incident Response
When a security incident hits, every minute counts. GuardSphere ensures your team has a clear system to record, escalate, and resolve incidents in a structured way.

277 min
Average time to identify a security incident without a structured system
Source: IBM Cost of a Data Breach 2023
54%
Reduction in incident cost when an organisation has a tested Incident Response Plan
Source: IBM Security
70%
Of security incidents go formally unreported because there's no easy reporting mechanism
Source: Ponemon Institute
Ad-hoc Incident Handling Makes the Impact Worse
Without a structured system, security-incident handling often descends into chaos: information scattered across group chats, unclear team assignments, an undocumented timeline of events, and evidence that can be lost.
Regulations and security standards such as ISO 27001:2022 and BSSN require comprehensive incident documentation. When an auditor or regulator asks for evidence of how you handled an incident, a WhatsApp thread won't be enough.
Beyond that, without structured incident data you can't analyse threat patterns, identify systemic weaknesses, or prove the improvements you've made over time.
How GuardSphere Works
A simple, structured process your team can run right away.
Report the Incident
Anyone in the organisation — technical or non-technical — can report an incident or suspicious event through a simple, structured form. Every report immediately receives a unique ID and timestamp.
Categorise & Set Severity
The security team categorises the incident by type and assigns a severity level (Low / Medium / High / Critical). The severity determines the response SLA that must be met.
Escalate & Assign the Team
The system sends automatic notifications to the appropriate response team based on category and severity. An incident lead and team members are assigned with clear roles.
Handle & Document in Real Time
Every action taken — status updates, evidence uploads, investigation comments — is recorded automatically in a tamper-proof chronological timeline.
Closure & Post-Incident Review
Once an incident is resolved, the team runs a structured review: root cause analysis, lessons learned, and corrective actions to prevent similar incidents in future.
Features & Capabilities
Built to meet real operational needs — not just a checklist of features that look good in a brochure.
Structured Incident Recording
A standard form with relevant fields: incident category, severity, affected systems, event description, and initial impact. Every incident receives a unique ID and an automatic timestamp when reported.
Automatic Escalation & Notification
Configure escalation routing by incident severity and category. Automatic notifications go to the right response team by email — ensuring no incident is missed or handled by the wrong person.
Incident Chronology Timeline
Every action taken — status updates, assignments, added evidence, team comments — is stored in a tamper-proof chronological timeline. This is crucial audit evidence.
Response Team Assignment
Assign team members with specific roles to each incident: incident lead, analyst, communication PIC. Every member receives notifications and visibility of their tasks.
Evidence Management
Upload and manage incident evidence — screenshots, log files, packet captures, emails, and relevant documents — centralised in one place linked directly to the incident record.
Post-Incident Review
A standardised post-incident review template that guides the team through lessons learned: root cause analysis, remediation steps, and the control changes needed to prevent recurrence.
Reporting & Trend Analysis
An analytics dashboard shows incident statistics by category, severity, average response time, and trends over time — valuable data for the security programme and management reporting.
Compliance & Supported Standards
GuardSphere is designed to help your organisation meet the relevant control requirements and information-security standards.
Information Security Incident Management Planning
GuardSphere implements the required incident-management planning and procedures, including the assignment of roles and responsibilities.
Assessment and Decision on Information Security Events
Supports the categorisation and assessment of security events to decide whether they should be escalated as incidents.
Response to Information Security Incidents
A structured response workflow ensures incidents are handled according to defined, documented procedures.
Learning from Incidents
Post-incident review and trend analysis support the process of learning from incidents for continual improvement.
Service Level Agreement (SLA)
As an incident-management platform, GuardSphere applies a stricter availability commitment. The following SLAs apply to all Customers and form part of the mutually signed Service Agreement.
Uptime
99.9%
Monthly service availability — higher than other products given GuardSphere's role in critical incident response
Critical Incident Response
2 business hours
First response time for issues affecting the team's ability to handle security incidents
Normal Issue Response
8 business hours
First response time for support requests and general technical questions
Data Backup
Daily
Automatic daily incident-data backup, retained for a minimum of 36 months for audit needs
RTO (Recovery Time)
4 hours
Maximum time to restore service after a major incident affecting platform availability
RPO (Recovery Point)
8 hours
Maximum age of the most recent data point guaranteed to be recoverable in a system-failure scenario
Incident Notification
≤ 1 hour
Maximum time to notify Customers once an availability incident is identified
* All SLAs are measured monthly and apply from the subscription activation date.
Who Needs GuardSphere?
This platform is designed to address the real pain points of different roles across the organisation.
IT Security / SOC Team
Needs a centralised system to record and track incidents in real time, replacing unstructured spreadsheets or group chats.
Compliance Manager / ISO 27001 Owner
Needs comprehensive incident documentation and a complete audit trail as evidence of implementing controls A.5.24–A.5.28 for ISO 27001 auditors.
IT Manager / CTO
Wants visibility of all incidents in progress, team response times, and threat trends for reporting to senior management.
Frequently Asked Questions
Still have questions about GuardSphere? Reach out to our team via the contact page or the footer.
What counts as an 'incident' in the context of GuardSphere?
GuardSphere is designed to manage information-security incidents broadly — from policy violations, unauthorised access, and lost devices to malware and service incidents that affect security. Incident categories can be configured to match your company's internal policy definitions.
Can non-technical employees report incidents?
Yes. GuardSphere provides a simple, intuitive reporting form for non-technical users. Employees can report an incident or suspicious event without needing to understand security terminology — the security team then performs the assessment and categorisation.
How long is incident data retained in GuardSphere?
Incident data is retained for a period you can configure to your policy — a minimum of 3 years is recommended for ISO 27001 audit needs. Data isn't deleted automatically; deletion can only be performed by an administrator, and it is logged.
How can different teams collaborate on a single incident in GuardSphere?
GuardSphere allows flexible role assignment within a single incident — the incident lead, analyst, and communication PIC can work in parallel. Each team member receives email notifications for relevant updates, can add comments, upload evidence, and update status in real time. All activity is recorded in a tamper-proof chronological timeline.
How does GuardSphere help during an ISO 27001 certification audit?
ISO 27001 auditors will ask for evidence that security incidents are recorded and handled according to procedure. GuardSphere can export incident reports, the audit trail, and lessons-learned summaries covering the full requirements of controls A.5.24–A.5.28 in a ready-to-submit format.
Ready to Try GuardSphere?
Schedule a free demo and see firsthand how GuardSphere can simplify incident management in your organisation.
