Incident Response Planning & Tracking

Incident Management

Create your incident response plan and track incidents

Put your organization ahead of the curve by creating a plan for handling incidents. When an incident occurs, track and document the response process through the six stages outlined by the National Institute of Standards and Technology (NIST SP 800-61 rev. 2).

Incident Response Plan

Create and manage your plan for responding to incidents. Get a jump start with helpful features and suggested wording based on NIST's Computer Security Incident Handling Guide.

Customize the plan to fit your organization by modifying the incident handling process, documenting roles and responsibilities, developing action plans for incident types, and much more.

Tracking & Documenting

When an incident occurs, track and document what takes place during each stage.

The incident tracking component was designed to reflect the stages of an incident, as outlined by NIST. During each stage, you will be able to document exactly what happens, so you can learn from it and update your plan accordingly.


Refer to the automated timeline for an audit trail of certain date-and-time stamped actions. Add comments to explain your processes and communicate with members of your team.

To ensure visibility, the timeline is accessible throughout the incident tracking process, from the dashboard through each stage-dedicated page.

Additional Features

  • Use global reporting to generate standardized documents
  • Start with our template incident response plan text and customize it to make it your own
  • Specify roles and responsibilities for incident response within your organization
  • Store contact information for third parties needed for incident response
  • Create custom sections for your incident response plan document
  • Define terms used in your incident response plan with a built-in glossary
  • Track an unlimited number of incidents
  • Document and track the chain-of-custody for evidence related to incidents
  • Create incident handling tasks, assign them to users, and monitor their status
  • Run reports to identify gaps in your incident handling
Are you interested in
Incident Management Software?

Frequently Asked Questions

Yes. Tandem provides template language in the software that we call "suggested content." You can use our suggested content as a starting point, and quickly adapt the language to fit your company's unique requirements. Our suggested content is based on NIST Special Publication 800-61 revision 2 ("Computer Security Incident Handling Guide") and other industry guidance.

The suggested content in Tandem is built and maintained by security and compliance experts who perform information security consulting daily.

Yes. Tandem offers a Knowledge Base with articles written by Tandem experts. While you navigate the product you will also find help tips along the way.

Yes. Tandem Support is available 8:00 AM – 5:00 PM (CT), Monday through Friday to answer your questions about Tandem application features.

For help with establishing or executing your incident management program, check out our partners who can provide incident management consulting.

You are also invited to attend our annual KEYS conference to connect with other users and learn from Tandem experts.

Tandem Support is pleased to offer complimentary training webinars twice a month for our customers, and recordings of those training sessions are available on-demand.

A Knowledge Base is available with articles to help you learn about Tandem.

You can stay up-to-date on our latest features by subscribing to our Software Update emails.

Personal training is also available by request for an additional fee.

Yes. Tandem maintains high marks through the following testing: SSAE 18 SOC 1 Type 2, CompTIA Security Trustmark+, internal audits and assessments, quarterly penetration tests.

Security controls include:

  • Secure data transmission between your browser and your servers
  • Data encrypted at rest using AES-256
  • User passwords are hashed and salted
  • Datacenter protected by firewall and intrusion detection/prevention systems (IDS/IPS)
  • Redundant Internet connections
  • Multifactor authentication options
  • Single Sign On (SSO) integration using SAML 2.0
  • IP address restrictions
  • User activity log
  • User access roles/restrictions

Tandem products are delivered via the Internet as Software as a Service (SaaS) applications. Tandem can be accessed from any device with a modern browser. No software installation or special equipment is required.

New features and updates are included with your annual subscription and automatically available. Each new feature is documented in our Software Updates blog.

Yes. Tandem Incident Management features integrate with Business Continuity Planning, Vendor Management, and Policies, to provide seamless sharing of data and help avoid duplication of information.

All Tandem products are available under the same secure website.

Yes. With a single login you can manage several companies' Incident Response Plans (requires a subscription for each company).

Ready to see what Tandem can do for you?