Incident Response Planning & Tracking
Create your incident response plan and track incidents
Put your organization ahead of the curve by creating a plan for handling incidents. When an incident occurs, track and document the response process through the six stages outlined by the National Institute of Standards and Technology (NIST SP 800-61 rev. 2).
Incident Response Plan
Create and manage your plan for responding to incidents. Get a jump start with helpful features and suggested wording based on NIST's Computer Security Incident Handling Guide.
Customize the plan to fit your organization by modifying the incident handling process, documenting roles and responsibilities, developing action plans for incident types, and much more.
Tracking & Documenting
When an incident occurs, track and document what takes place during each stage.
The incident tracking component was designed to reflect the stages of an incident, as outlined by NIST. During each stage, you will be able to document exactly what happens, so you can learn from it and update your plan accordingly.
Refer to the automated timeline for an audit trail of certain date-and-time stamped actions. Add comments to explain your processes and communicate with members of your team.
To ensure visibility, the timeline is accessible throughout the incident tracking process, from the dashboard through each stage-dedicated page.
Use Tandem default action plans or create your own to ensure your organization is prepared for responding to a future incident.
When tracking an incident, action steps can be dynamically added to the various stage pages, based on incident type. Associate categories with the incident and follow your plans to ensure accurate and efficient response.
Incident Response Teams
As part of your organization's incident response plan, you can set up teams.
Document contact information, associate team members, and provide a description to outline team charters, strategic goals, and responsibilities.
Incident handlers are vital to seeing an incident through from beginning to end.
In your organization's incident response plan, you will be able to establish these handler roles and define their responsibilities.
Incidents can fall into a variety of categories and subcategories. Defining the categories in your incident response plan will keep your organization prepared for any type of incident.
Categories are used to connect your action plans to an incident, as well as assist with classification for reporting purposes.
Preview Action Plan
Once your action plans are created, test your plans prior to use in an actual incident.
Use the Preview option to ensure the correct action steps are included in a logical order.
Security Incident Management Training
Enroll employees in an online Security Incident Management Training course. This course is designed to educate your staff on their responsibilities as it relates to how they can prevent, detect, and respond to relevant security incidents. With the training, you can assess learning objectives through built-in quizzes and generate reports to show training completion and effectiveness.
Effortlessly generate your incident response plan or details about incidents that have occurred to share with your executive team, board of directors, auditors, and examiners.
These customizable documents are available in Microsoft Word and Adobe PDF formats.
- Use global reporting to generate standardized documents
- Start with our template incident response plan text and customize it to make it your own
- Specify roles and responsibilities for incident response within your organization
- Store contact information for third parties needed for incident response
- Create custom sections for your incident response plan document
- Define terms used in your incident response plan with a built-in glossary
- Track an unlimited number of incidents
- Document and track the chain-of-custody for evidence related to incidents
- Create incident handling tasks, assign them to users, and monitor their status
- Run reports to identify gaps in your incident handling
Frequently Asked Questions
Yes. Tandem provides template language in the software that we call "suggested content." You can use our suggested content as a starting point, and quickly adapt the language to fit your company's unique requirements. Our suggested content is based on NIST Special Publication 800-61 revision 2 ("Computer Security Incident Handling Guide") and other industry guidance.
The suggested content in Tandem is built and maintained by security and compliance experts who perform information security consulting daily.
Yes. Tandem offers a Knowledge Base with articles written by Tandem experts. While you navigate the product you will also find help tips along the way.
Yes. Tandem Support is available 8:00 AM – 5:00 PM (CT), Monday through Friday to answer your questions about Tandem application features.
For help with establishing or executing your incident management program, check out our partners who can provide incident management consulting.
You are also invited to attend our annual KEYS conference to connect with other users and learn from Tandem experts.
Tandem Support is pleased to offer complimentary training webinars twice a month for our customers, and recordings of those training sessions are available on-demand.
A Knowledge Base is available with articles to help you learn about Tandem.
You can stay up-to-date on our latest features by subscribing to our Software Update emails.
Personal training is also available by request for an additional fee.
Yes. Tandem maintains high marks through the following testing: SSAE 18 SOC 1 Type 2, CompTIA Security Trustmark+, internal audits and assessments, quarterly penetration tests.
Security controls include:
- Secure data transmission between your browser and your servers
- Data encrypted at rest using AES-256
- User passwords are hashed and salted
- Datacenter protected by firewall and intrusion detection/prevention systems (IDS/IPS)
- Redundant Internet connections
- Multifactor authentication options
- Single Sign On (SSO) integration using SAML 2.0
- IP address restrictions
- User activity log
- User access roles/restrictions
Tandem products are delivered via the Internet as Software as a Service (SaaS) applications. Tandem can be accessed from any device with a modern browser. No software installation or special equipment is required.
New features and updates are included with your annual subscription and automatically available. Each new feature is documented in our Software Updates blog.
Yes. Tandem Incident Management features integrate with Business Continuity Planning, Vendor Management, and Policies, to provide seamless sharing of data and help avoid duplication of information.
All Tandem products are available under the same secure website.
Yes. With a single login you can manage several companies' Incident Response Plans (requires a subscription for each company).