Who is this article for?

Users who want to learn to raise and manage incidents.

No elevated permissions are required.

This guide explains how to raise an incident, send it to suppliers, and manage supplier responses.

1. Introduction to incident management

The incident management area provides a structured way to communicate with suppliers, collect root cause analyses, and implement preventative actions. The workflow follows standard ISO27001 or ITIL-based incident management processes.

Key concepts include:

• Incident details: Record all details and descriptions of the incident to inform suppliers.
• Investigation summary: Suppliers can enter an investigation summary with evidence of steps taken.
• Root cause analysis: Suppliers provide information on the cause of the incident and attach evidence.
• Corrective/preventative actions: Suppliers enter corrective and preventative actions. These are approved at the customer level and can also be raised against the supplier.
• Incident approval: Set the status of the incident to closed once all analysis and actions are resolved and accepted.

2. Raising an incident

1. From the global navigation, select Solutions, then select Site Actions from the left navigation.

2. Ensure the Incidents tab is selected.
3. Select Raise Incidents from the main menu and then click the Raise incident button displayed above the counts.

4. Complete the following fields:
   • Name: Enter a unique name to identify the incident.
   • Severity: Select the severity level (minor, major, critical).
   • Incident date: Record the date and time of occurrence.
   • Source: Select the source (e.g. customer complaint, enforcement authority).
   • Incident type and sub-type: Categorise the incident.
   • Reference and type: Add multiple references for customers or sites to correspond to other systems.
   • Repeat incident: Indicate if this has occurred before (Y/N).
   • Affected sites: Select affected internal sites.
   • Evidence: Provide details and attach files.
   • Assignee: Assignees and the creator are the only users who can close or edit details.

5. Send the incident to your supplier or select your own company to provide a response. Complete the following fields:
   • Associated site: Select from the Supply Chain directory.
   • Product details: Enter product details or select from mapped products.
   • Best before date: Enter the product’s best before date.
   • Batch number: Record the batch number.
   • Response due date: Specify when a response is required.
   • Recipient: Select a contact or add recipient details.
   • Share with companies: Share information with customers or third parties.

6. Sending the incident generates an email to the selected recipient.

3. Supplier response

1. The recipient will receive an email with incident details and the required response date/time. A task will also appear on their dashboard.

2. Suppliers select View incident to see full details and download/view evidence.

3. Suppliers can enter:
   • Investigation summary: High-level investigation details.
   • Root cause analysis: Explanation of the root cause and circumstances.
   • Incident reason: Select from the drop-down list (e.g. human error, machine error).
   • Corrective actions: Immediate steps to prevent recurrence.
   • Preventative actions: Long-term measures to eliminate the cause.
   • Attachments and evidence for investigation, root cause, and corrective/preventative actions.
4. Evidence can also be added to corrective and preventative actions once they are set as complete.
5. Once completed, suppliers send the incident back to the customer.
6. Suppliers can reject an incident by providing a comment explaining why they believe it is unfounded.