Incident Tracking is available on the Business plan and above.
Reporting an incident
To report a new incident:
- Navigate to Governance → Incidents and select Report Incident
- Enter a title and a description of what occurred
- Set the severity — Critical, High, Medium, or Low
- Select a category (for example, bias/fairness, data breach, model failure, or safety violation)
- Optionally link the incident to one or more registered AI systems
- Select Submit
Once submitted, the incident is assigned an ID and enters the Open status.
Incident lifecycle
Incidents move through a defined lifecycle:
| Status | Meaning |
|---|
| Open | Reported but investigation has not started |
| Investigating | Actively gathering information about the cause |
| Containment | The immediate impact is being limited while investigation continues |
| Remediation | Root cause identified; fixes are being implemented |
| Resolved | Remediation complete; incident is functionally over |
| Closed | Formally closed with a closing note on record |
Investigation fields
During investigation, you can record:
- Root cause — a narrative description of what caused the incident
- Root cause category — a structured label (for example, training data quality, deployment error, or prompt injection)
- Contributing factors — additional conditions that made the incident worse or harder to detect
These fields are optional while an incident is open, but must be completed before an incident can move to Remediation.
The Remediation section of each incident tracks the steps your team is taking to fix the underlying cause and prevent recurrence:
- Remediation steps — a list of actions with completion status
- Preventive measures — controls or process changes being put in place to reduce the likelihood of recurrence
Regulatory notification management
For incidents that trigger regulatory reporting obligations, the notification tracker lets you record:
- Which regulators must be notified
- The notification deadline for each
- Whether the notification has been sent and when
Regulatory notification deadlines under the EU AI Act and other frameworks can be as short as 72 hours for certain incident categories. Configure notifications as soon as you determine a regulatory obligation applies.
Timeline
Every incident has an automatic activity feed that records all status changes, field updates, and comments in chronological order. The timeline cannot be edited — it is an accurate record of exactly how the incident was handled.
Team members with access to the incident can add comments to the timeline to document decisions, share findings, or communicate status.
Closing an incident
To close an incident, select Close Incident from the incident detail view. Closing requires a written closing note summarizing the outcome and any open follow-up actions. The closing note is appended to the timeline and the incident moves to Closed status.
Closed incidents remain visible and fully searchable. They cannot be reopened, but a new incident can reference a closed one if the same issue recurs.
Preventive recommendations
When an incident is resolved, Ayliea generates a set of preventive recommendations based on the root cause and contributing factors recorded. These recommendations appear in the incident record and can be linked to your assessment remediation backlog so the underlying control gap gets addressed as part of your regular improvement cycle.
