DailyWF / Policies

Incident Notification

Define who must be notified when incidents affect service, data, obligations, or reputation.

Type: PolicyVersion: v7

Policy intent

Incident notification policy should define when silence is no longer acceptable. It should identify who needs to know, how fast, and what level of certainty is required.

Minimum content

  1. Define who and what the policy covers, including systems, data, tools, users, vendors, and exceptions.
  2. Impact categories and notification thresholds.
  3. Internal and external notification paths.
  4. Message owner and approval constraints.
  5. Update cadence until closure or downgrade.

Expected output

A policy page that states expectations clearly enough to guide approval, exception, and review decisions.

Common failure mode

Waiting for certainty before communicating impact and next update time.

Use notes

AuthorityIdentify who can approve, deny, and grant exceptions.
Exception handlingGive exceptions an owner, reason, expiration, and review date.
Review pointReview when law, tools, contracts, ownership, or operational risk changes.

Related pages

Use this with a tool

Find related documents, copy a checklist, or request a missing workflow.