
Risk & Compliance Incidents - SOP

Standard Operating Procedure - Risk & Compliance Incidents Module


1. PURPOSE AND SCOPE

This SOP defines the step-by-step procedures for using the BG Live Risk & Compliance Incidents module to log, assess, investigate, and close incidents.

Applies to: All personnel responsible for incident management activities.


2. SYSTEM ACCESS AND NAVIGATION

2.1 Accessing the Module

  1. Log into the BG Live platform
  2. Navigate to Risk Intelligence in the left sidebar
  3. Select Risk and Compliance Incidents
  4. Choose All in Mind to view the incidents assigned to you

2.2 User Roles

  • Risk User: Can access incidents where they are involved as logger, assessor, owner, coordinator, or record owner
  • Risk Manager: Full access to all incidents and configuration settings

3. LOGGING NEW INCIDENTS

3.1 Creating an Incident

  1. Click Create New from the incidents list
  2. Complete mandatory fields:
    • Incident Name: Concise, descriptive title
    • Description: What happened, when, duration, who/what affected, known impacts
    • Assessor: Select person to evaluate incident impact

3.2 Using RAiDAR AI Enhancement

  1. Enter your incident description
  2. Click Analyze with RAiDAR
  3. Review AI suggestions for improving description quality
  4. Manually incorporate relevant feedback
  5. Note: RAiDAR provides suggestions only; you must review and edit the description yourself

3.3 Date and Location Setup

  1. Date Identified: When you discovered the incident
  2. Date Occurred: When the incident actually occurred (if known)
  3. Date Logged: Auto-populated with current date
  4. Select affected Locations from dropdown
  5. Answer: “Is this currently disrupting your ability to operate?”
    • Yes: System offers connection to Resilience Incidents module
    • No/Don’t Know: Continue with standard workflow

3.4 Save and Progress

  • Click Save to create incident record
  • System assigns unique incident number
  • Incident moves to Assessment phase

4. INCIDENT ASSESSMENT

4.1 Impact Assessment Process

  1. Consequence Level: Select from organizational framework (Insignificant, Minor, Moderate, Major, Catastrophic)
  2. Consequence Categories: Choose applicable impact areas
  3. Assessment Comments: Provide detailed impact analysis

4.2 Strategic Impact Questions

Answer all three questions:

  1. Financial Impact: “Could this lead to a material financial impact?”
    • If Yes: Provide estimated impact and comments
  2. Critical Operations: “Could it impact ability to maintain critical operations?”
    • If Yes: Identify affected operations
  3. Compliance Breach: “Could it lead to a reportable compliance breach?”
    • If Yes: Identify relevant regulations

4.3 Assign Ownership

  1. Select Incident Owner from organizational directory
  2. Add comments explaining ownership rationale
  3. Click Next to lock the assessment data
  4. Warning: The assessment cannot be edited after clicking Next. Later changes are made through the reassessment function in the Contain & Respond phase (section 7.2), which creates a new assessment record while preserving the original for the audit trail

5. CONNECTING RECORDS

5.1 Link Related Records

Connect incident to relevant organizational elements:

  1. Processes: Select affected business processes
  2. Policies: Choose any breached organizational policies
  3. Service Providers: Add external parties involved
  4. Critical Operations: Auto-populated from connected processes

5.2 Team Assembly

  1. Automatic Recommendations: System suggests team members based on record ownership
  2. Review Recommendations: Accept, modify, or reject as appropriate
  3. Manual Additions: Add additional team members using search function
  4. Assign Coordinator: Mandatory role for managing incident response

6. ESCALATION DECISION

6.1 Critical Decision Point

Answer: “Do we need to notify anyone or complete investigations?”

Select “No” if:

  • Incident already contained and resolved
  • Recording for compliance purposes only
  • No further investigation needed
  • Result: Skip to Review phase

Select “Yes” if:

  • Active incident requiring management
  • Investigation needed
  • Stakeholder notifications pending
  • Result: Enter Contain & Respond phase

7. CONTAIN AND RESPOND (Active Incidents)

7.1 Ongoing Management

  • Re-entry: You can exit and return to update the incident as many times as needed
  • Status Updates: Document progress regularly
  • Team Modifications: Add/remove team members as needed

7.2 Reassessment Process

  1. Update consequence level if situation changes
  2. Modify consequence categories as needed
  3. Revise strategic impact answers
  4. Add reassessment comments
  5. Click Save Assessment to create new assessment record

7.3 Action Management

Create Actions:

  1. Select action type: Comment, Communication, Decision, or Task
  2. For Tasks:
    • Assign to specific team member
    • Set due date
    • Choose status (Not Started, In Progress, Complete)
    • Add detailed description

Use RAiDAR for Response Suggestions:

  1. Click Generate potential response tasks
  2. Review AI-suggested response activities
  3. Accept, modify, or use suggestions as inspiration
  4. Create actual tasks based on recommendations

7.4 Progress to Review

Answer: “Has the incident been contained and effectively responded to?”

  • Yes: Move to Review phase
  • No: Continue response activities

8. REVIEW AND CLOSURE

8.1 Final Record Review

  1. Confirm Linkages: Review and edit connected processes, policies, service providers
  2. Add/Remove: Update connections based on investigation findings
  3. Save Changes: Finalize all record connections

8.2 Impact Documentation

Customer Impact:

  • Enter number of customers affected
  • Document impact duration and severity

Financial Impact:

  • Record total financial cost
  • Include direct and indirect costs

Compliance Impact:

  • Confirm if reportable breach occurred
  • Document regulatory notifications made
  • Select relevant regulators from dropdown

8.3 Severity Analysis

Answer: “Could the consequence have been significantly more serious?”

  • Yes: Document what could have happened and what prevented it
  • No: Continue to root cause analysis

8.4 Root Cause Analysis

  1. Select Classification:
    • Factor: High-level category (People, Operations, Technology, External)
    • Category: Mid-level grouping
    • Root Cause: Specific underlying cause
  2. Detailed Description: Explain why incident occurred
  3. Use RAiDAR: Get AI suggestions for root cause analysis quality
  4. Attachments: Upload supporting documentation

8.5 Risk and Control Connections

  1. Failed Controls: Select controls that didn’t work effectively
  2. Risk Classes: Choose associated risk types
  3. Action Plans: Link to existing plans or create new ones
  4. Re-evaluation: Indicate if controls/risks need reassessment

8.6 Closure Process

  1. Completion Checklist: Confirm all required activities completed:
    • Actions completed
    • Root cause analysis done
    • Action plans sufficient
    • Stakeholders notified
  2. PIR Report: Generate Post-Incident Review report
  3. Closure Authorization: Select person authorized to close incident
  4. Close Incident: Update status to “Closed”

9. POST-CLOSURE REVIEW (Optional)

9.1 Second-Line Review

For Risk Managers:

  1. Access closed incidents requiring review
  2. Review all incident documentation and PIR report
  3. Answer: “Do you concur with the closure of this incident?”
    • Yes: Incident moves to “Closed Post Review”
    • No: Returns to “Closed Pending Review” with comments for remediation

10. REPORTING AND DATA EXTRACTION

10.1 Filtering and Sorting

  1. Dynamic Filters: Use dropdown filters for status, consequence level, dates
  2. Column Sorting: Click column headers to sort data
  3. Custom Views: Save frequently used filter combinations

10.2 Data Export

  1. Extract Function: Export filtered incident data
  2. PIR Reports: Generate individual incident reports
  3. Pivot Tables: Create custom analytical reports

10.3 Dashboard Views

  • My Incidents: View all incidents where you’re involved
  • Team Workload: Monitor assigned tasks and responsibilities
  • Status Overview: Track incidents by phase and age

11. SYSTEM CONFIGURATION

11.1 Field Customization (Risk Managers)

  1. Access Field Configuration settings
  2. Toggle Fields: Make fields visible, optional, or mandatory
  3. Workflow Simplification: Hide unused fields for streamlined process
  4. Save Configuration: Apply changes to organizational setup

11.2 Notification Settings

  • Configure automatic notifications for team assignments
  • Set up escalation alerts for overdue actions
  • Customize email templates for stakeholder communications

12. TROUBLESHOOTING

12.1 Common Issues

Cannot Progress Incident:

  • Ensure all mandatory fields completed
  • Verify user has appropriate role permissions
  • Check that required team roles assigned

Assessment Data Locked:

  • Use reassessment function in Contain & Respond phase
  • Original assessment preserved for audit trail
  • New assessments create additional records

Missing Team Members:

  • Manually add team members using search function
  • Verify user permissions for selected individuals
  • Check organizational directory for correct names

12.2 Data Recovery

Accidental Exit:

  • Use incident number to search and reopen
  • System preserves all entered data
  • Continue from last saved point

Lost Changes:

  • Click Save regularly during data entry
  • System auto-saves at key progression points
  • Contact system administrator for data recovery assistance