This Guide covers:



Introduction

You might have a customer complaint or a problem with a supplier's delivery.  The incident management area provides a structured way to communicate with your suppliers, collect root cause analyses and implement preventative actions.


To raise an incident, select “Site Actions” from the left-hand menu. Once the page has loaded select the 'Incidents' tab is selected by default. Here you can view existing incidents or to create a new one select 'Create New Action' from the top menu and choose 'Raise Incident'.


The module has been designed to follow a standard workflow that should be familiar to any ISO27001 or ITIL based incident management process.

 

The module has several key concepts:

  • Incident Details > Record all details and descriptions of the incident that has occurred to inform your suppliers.
  • Investigation Summary > Suppliers responding to incidents can enter an investigation summary along with evidence to provide details of the steps taken
  • Root Cause Analysis > The root cause analysis allows the supplier to provide information on the cause of the incident along with being able to attach evidence
  • Corrective/Preventative Actions > Allow your suppliers to enter corrective & preventative actions to highlight the steps to take/taken. All corrective and preventative actions are approved at the customer level. They can also be raised against the supplier from the customer level
  • Incident Approval > Set the status of the incident to ‘closed’ once you have resolved and accepted all the analysis and actions declared by your suppliers.



Raising an Incident


1.The first step is to raise a new Incident. From the main menu, beneath the 'Tools' section, select 'Incidents'.





Once the page loads ensure that the 'Incidents' tab is selected as below:




2.The first step is to raise a new Incident. From the main menu, select “Raise Incidents” and then click the ‘raise incident’ button displayed above the counts.




3.

Each incident consists of the following fields:

  1. Name > Enter a unique name to identify your incident
  2. Severity > Enter the severity level from the drop-down options (minor, major, critical)
  3. Incident Date > Record the date and time that the incident occurred
  4. Source > Select the source of the Incident from the drop-down such as 'customer complaint' or 'enforcement authority'
  5. Incident Type & Sub-Type > Declare the incident type to categorise and report against
  6. Reference & Type > Add multiple references for either customers or sites to correspond to other systems
  7. Repeat Incident > Select from the Y/N option to state if this incident has occurred before
  8. Affected Sites > Select from your internal sites that may be affected by this incident
  9. Evidence > Provide details and attach multiple files of evidence to correspond to the incident
  10. Assignee > Assignees and the Incident creator are the only users who can close or edit the details.





4.Now that you have provided the incident details, you can send this to your supplier to provide a response. Select 'My Supplier' then search for the supplier site in the fields shown below and then enter details about the affected product – such as BBE date or batch number to help the supplier with their investigation. Alternatively, you can select your own company to provide a response.

The following fields can be completed;

  1. Associated Site > Select from the list of companies/sites within the Authenticate Directory for whom you wish the incident to be associated with
  2. Product Details > Here you can enter details for the product in question. If you have access to the product mapping feature, then you will also be able to select from your products. 
  3. Best Before Date > Enter the best before date for the product related to the incident
  4. Batch Number > Record the batch number to better identify the potential products affected
  5. Response Due Date > specify the date and time for which you require a response from your supplier
  6. Recipient > Select a specific recipient from the contacts list available or add the details of the individual that is required to respond to the incident
  7. Share with Companies > This allows you to share the incident information with other companies such as your customers or a third party.




5.After providing these details, when you send the incident, this will create an e-mail that will go to the recipient details selected/provided.





Supplier Response


1.The recipient selected when raising the incident will receive an e-mail that will provide them with the details of the incident and the required response date and time.

When logging into their company profile, they will have a task open on their dashboard.




2.Once the supplier selects ‘View Incident’, they will be taken to a single page showing them the full details of the incident raised along with access to download and view any evidence attached.



Suppliers can enter the following details;

  1. Investigation Summary > Details of the high-level investigation to understand the incident raised
  2. Root Cause Analysis > Details of the root cause of the problem/issue raised and the circumstances for which it occurred
  3. Incident Reason > Selecting from the drop-down list of options as to why the incident may have occurred – for example, human error, machine error, etc.
  4. Corrective Actions > Suppliers can add corrective actions to prevent the incident from re-occurring in the short term. Corrective actions are not generally the final solution but focused on immediate prevention.,
  5. Preventative Actions > Suppliers can add preventative actions to demonstrate how they will eliminate the cause of the incident longer term

Attachments and evidence can be added to both the investigation summary and root cause analysis.

Evidence can also be added to corrective/preventative actions once the supplier has indicated that these have been set as ‘complete’




3.

Once the supplier has completed all the necessary details, they can send the incident back to the customer who has raised it.


A supplier can reject an incident by providing a comment as to why they believe that the incident is unfounded.





Reviewing an Incident response


1.

Once the supplier has completed their response to the incident and returned this to the customer, a task will appear on your homepage indicating that a response has been provided for review.

There are various stages of approval for the incident response:

  1. Root Cause Analysis > The information provided by the supplier requires approval

  2. Corrective/Preventative Actions > Each corrective action entered by your supplier requires an ‘approval’



2.You can also add additional Corrective & Preventative actions to send back to the supplier to complete if there are further actions that you need them to do to resolve/further prevent the incident.

3.Once the incident response is reviewed and approved, the incident can then be set to ‘closed’.

Corrective/Preventative actions can remain open even if the status of the incident has been set to 'Closed' (this may be that you set longer-term preventative actions for the future that cannot yet be resolved)



Incident Dashboard


1.The Incident module can be accessed via the top navigation. Here you can manage and review the status of all incidents raised against suppliers.

The top counts identify;

  1. Total Incidents > The total number of incidents raised
  2. Open Incidents > The total number of incidents still requiring a response/review
  3. Incidents in the last 30 days > A count of the incidents in the past 30 days highlighting any increase from the previous 30 days
  4. Closed Incidents > The total number of closed/resolved incidents



2.

Filters can be applied to search for/ analyse incidents by;

  • Name
  • Supplier
  • Severity
  • Type
  • Status




You can also access information on incidents for a specific supplier on their profile page.


On the suppliers’ company profile, all incidents will be shown with the current status provided. All users within your organisation can view all aspects of the incident. (Only the creator of the incident and assignees can add/amend data in a raised incident)







Incidents FAQ's


Who is notified when I raise an incident?

When you raise an incident, emails will automatically be sent to notify the recipient selected. There will also be an e-mail sent to the assignees selected from your internal user list to notify them of the incident.



Who in my organisation can see the incidents?

All users of your platform have access to view the incidents dashboard and all incidents raised against a supplier (via their company profile). Only the user that has ‘raised’ the incident or assignees that have been added can approve, add actions, and close the incident



What if the incident is unfounded?

When the supplier receives the incident task, they can ‘reject’ the incident and provide a comment back to you as the reason for why they believe this to be unfounded