Sprinto Dashboard

Close Reported Incidents Within Defined Timelines

Learn how to resolve the Sprinto monitor that checks if all reported security or operational incidents have been closed appropriately.

Sprinto raises this monitor when a reported incident has remained open beyond an acceptable timeframe or lacks the necessary closure documentation. This ensures your organisation maintains a timely and well-documented incident response process, which is a key requirement under most compliance frameworks.

A failure to close incidents may indicate unresolved risks, lack of accountability, or broken remediation processes.

Why this matters

Leaving incidents unresolved can:

  • Pose ongoing security or operational risks

  • Impact audit outcomes or compliance reviews

  • Obscure ownership and timelines for remediation

  • Indicate weak incident response protocols

Frameworks such as ISO 27001 (A.16.1.6, A.16.1.7) and SOC 2 (CC7.3) require timely and documented incident response.

What Sprinto checks

Sprinto evaluates:

  • Whether a reported incident remains in open status after its expected resolution window

  • Whether the incident includes a closure summary, timestamp, and reviewer

  • Whether evidence of root cause analysis and remediation has been added

When does this monitor fail?

Reason
Description

Incident remains open past resolution deadline

SLA for resolution has passed but incident is still marked as "Open"

No closure summary or evidence uploaded

Incident lacks closure notes, RCA, or supporting files

No owner assigned or status inactive

Incident is orphaned or lacks accountability

How to Resolve

  1. Navigate to the Incident

    • Go to Data Library > Incidents in Sprinto

    • Filter by Status: Open

  2. Review and update the incident

    • Confirm whether the incident is resolved or needs escalation

    • Assign or confirm an owner

    • Add a closure summary with root cause, actions taken, and resolution outcome

  3. Upload supporting documentation

    • Attach RCA reports, screenshots, or logs of the resolution

    • Include incident response timelines and action owners if applicable

  4. Mark the incident as Closed

    • Change status to Closed with a timestamped entry

    • Sprinto will automatically re-check the monitor and clear it

Accepted Evidence

Type
Description

Closure summary

Text or file noting root cause, fix applied, and resolution date

Supporting artefacts

Screenshots, logs, ticket history, response timeline

Owner and status metadata

Confirmed ownership and status changed to “Closed” within Sprinto

Best Practices

  • Set clear SLAs for incident acknowledgement and resolution

  • Use incident response templates for consistent documentation

  • Conduct periodic reviews of open incidents to ensure nothing remains stale

  • Integrate with ticketing tools (e.g. Jira, ServiceNow) for automated updates

PreviousResolve Sprinto Check for Periodic Review of Org ChartNextDr. Sprinto & Manual Inputs

Last updated