This part of the iSHARE scheme is considered normative and is therefore compliant with RFC 2119.
The incident management process describes the steps that the Scheme Owner and adhering- and certified parties MUST take to solve incidents in the iSHARE network.
An incident is an event, not part of the standard service operation, that results in a potential impact or risk with regards to the quality, availability, confidentiality and/or integrity of (data within) the iSHARE scheme. This includes the data used for identification, authentication and authorisation purposes in the context of data exchange, but not the contents of the actual data exchange.
Note incident resolution is NOT part of regular maintenance, and therefore is NOT subject to maintenance windows as described under service levels.
Three classifications of incidents are recognised within iSHARE. Note that the impact or risk described is non-exhaustive.
Classification | Impact or risk |
---|---|
Minor incident |
|
Calamity |
|
Crisis |
|
Goal
...
- The Scheme Owner proactively coordinates the handling and solving of incidents, and assists if necessary;
- Adhering/certified parties are responsible for reporting all incidents in the iSHARE network, and taking the steps necessary to handle and solve incidents.
Expected administrative burden on the Scheme Owner
...
- .
Sequence
Before initiating the process as below, the reporting party, in conjunction with the causing party (if not the same) MUST assess together whether the event deemed an incident is indeed an incident.
...