Structured incident workflows with evidence capture and regulatory notification tracking.
The challenge
Incidents are logged in Slack, email, or spreadsheets. Evidence disappears. Regulatory notification deadlines are missed. Post-incident reports never capture the full timeline.
How Fig helps
Every incident follows a defined response playbook with step-by-step checklists, approval gates, and automated escalations. Nothing is forgotten.
All incident actions, communications, system logs, and decisions recorded in a shared investigation workspace. MSPs and clients collaborate from the same evidence timeline. Automatic evidence packs for regulatory review and law enforcement.
Fig manages the full incident lifecycle natively, including automatic severity classification, 72-hour GDPR breach notification clocks, escalation workflows, post-incident review automation, and repeat incident detection.
Regulatory notification timelines calculated automatically based on incident classification and jurisdiction. Reminders trigger with required disclosure content pre-filled.
Automated timeline generation, root cause tracking, and remediation recommendations. Findings linked back to preventative controls. Includes tabletop exercise planning and execution for NIS2 and DORA compliance.
Audit-ready workflow
Incident Management should not be treated as a standalone tool surface. In Fig it is part of a governed workflow: a signal is captured, an owner is assigned, a control or risk is updated, and evidence is retained so the organisation can prove what happened later.
Lifecycle
The Respond phase is where this capability sits in the wider Fig operating model. Incidents are logged in Slack, email, or spreadsheets. Evidence disappears. Regulatory notification deadlines are missed. Post-incident reports never capture the full timeline. Fig turns that problem into a repeatable lifecycle so MSPs, risk teams, and auditors are not relying on static spreadsheets or ad hoc screenshots when a buyer asks for proof.
Evidence captured
For incident management, useful evidence normally includes the triggering record, the affected asset or supplier, the control requirement, the assigned owner, the decision made, the timestamp, and the outcome. That evidence is mapped back to frameworks such as Cyber Essentials, ISO 27001, NIS2, DORA, GDPR, CMMC, and internal policy requirements where relevant.
Implementation checks
Useful references
The exact evidence required still depends on your scope, risk profile, sector, and framework obligations.
Built for you
Client incident response workflows standardised and white-labelled. Multi-client incident dashboard and portfolio breach trending.
Learn moreCentralised incident coordination across teams with built-in regulatory notification checklists. Board-ready incident summaries generated automatically.
Learn moreComplete incident lifecycle evidence for regulatory obligations under GDPR, NIS2, and DORA. Notification compliance and response timelines auditable.
Learn moreCommon questions
Incidents can be reported via an in-app form, email integration, Slack commands, or automated detection rules. Severity is assigned on intake and can be adjusted as investigation evolves.
Yes. Fig calculates UK GDPR and ePrivacy Regulations notification deadlines based on incident classification. It auto-populates regulatory notification templates and tracks disclosure status.
Yes. Fig provides template playbooks for common incident types (ransomware, data breach, phishing) that you can customise with your own escalation paths, notification lists, and evidence requirements.
Yes. MSPs can grant clients read access to their incident workspace. Clients see the investigation timeline, actions taken, and resolution status without being able to modify evidence or internal notes.
Fig integrates with ConnectWise, Autotask, ServiceNow, Jira, and other ticketing platforms. Incidents can be created from tickets and synced bidirectionally, so your team does not need to work in two places.
Yes. Fig includes anonymous case reporting for whistleblowing, increasingly required under the EU Whistleblower Directive. Cases are managed through structured workflows with full confidentiality protections.
Next step
Book a walkthrough tailored to your frameworks and tooling.
We only load non-essential analytics and advertising tags after explicit consent. You can review our cookie register in the cookie policy section and update your choice at any time via “Cookie settings” in the footer.