Which elements are included in an incident reporting protocol?

• A. Delay containment until after business hours.
• B. Notify only customers, ignore regulators.
• C. Document and then delete data.
• D. Immediate containment, notification to stakeholders, thorough documentation, investigation, root cause analysis, corrective actions, and regulatory reporting if required.

Answer: (D)

A solid incident reporting protocol centers on a full, timely response lifecycle: start with immediate containment to limit impact, followed by notifying stakeholders and, if required, regulators to ensure coordinated action and legal compliance. Thorough documentation captures what happened, when, and what systems or data were affected, providing a clear record for the investigation. The investigation then identifies the facts and the root causes behind the incident, which informs corrective actions to prevent recurrence—such as process changes, new controls, or enhanced training. If laws, contracts, or regulatory bodies require it, reporting to authorities ensures accountability and transparency beyond the organization. These elements together create a complete, defensible response that minimizes harm, supports compliance, and improves resilience. Delaying containment, or only informing customers while ignoring regulators, leaves risks unmitigated and compliance gaps. Deleting data before it can be analyzed undermines investigation and reporting efforts.