30-second declaration
Type a name, pick a severity, name the commander. The incident is open and the activity log starts.
Platform · Respond
The IR lead's command desk.
Declare an incident, attach the right playbook, assign the procedure checklist, and let the activity log capture every move. Regulatory clocks and comms timers stay on screen so the IR lead never has to do mental arithmetic.
- Activity log is append-only — a legally defensible record by design.
- Comms timers and notification deadlines visible at all times.
- Scoped external access for DFIR, legal, insurers and partners — revocable on the spot.
- Auto-generated PIR timeline from the activity log.
Playbook auto-attached
Pick an incident type and the matching playbook materialises as an assignable checklist.
Tasks have owners
Every checklist step is a task with an owner, a due time, and an outcome captured in the log.
Comms timers always visible
Privacy Act, NIS2, CPS 234, sector-specific clocks sit at the top of the workspace until they fire.
External access scoped
DFIR, legal, insurers see exactly one incident. They cannot list other cases, see the policy library, or see your org structure.
Defensible by design
No edit button on log entries. Ever. The audit trail is the database — not a separately maintained document.
Want to walk a real incident? Bring one of yours.
Drop us a recent (anonymised) incident and we'll model it live on a discovery call.