The purpose of the Security Incident Management application is to allow facilities to submit and track security incidents throughout the investigation. This application provides a standard form for submitting an incident; notifications to the appropriate individuals; requirements for initial investigation, containment activities, as well as investigation conclusions; and the ability to create and link corrective and preventive action (CAPAs) as required. It can also track target timeframes for activities based on risk.

***NOTE**** This application contains documentation to help you get up and running more quickly. Contact support@tulip.co for an Operational Flow Diagram, a Risk Assessment, and a Test Plan for a seamless GxP deployment.


This application makes use of the Security Incidents table and the CAPAs table. Every time a new Security Incident is created, a new record is created in the Security Incidents table. The following metadata is required to create the initial Security Incident record:


-Discovered By

-Reported By

-Date/Time Discovered

-Location Discovered

-Known Evidence at time of reporting

-Affected System(s)/Asset(s)


Once all this data is provided, a new Security Incident record is created with a unique ID and is assigned a status "Submitted". The Security Incident investigation team then has the opportunity to conduct the preliminary investigation where they are asked to explain the impact on the business, the security level as well as input the date and time at which the preliminary investigation is completed. The Security Incident investigation team can then determine whether any further investigation is required or not and can update the status of the event accordingly. If the team determines that further investigation is required, the status of the event is changed to Under Investigation. The Security Incident team can then perform further investigation and are once they have completed this further investigation, the status of the incident changes to under review, where the Security Incident Investigation team lead has the opportunity to either accept the details set out in the further investigation or reject it. If accepted, the status is changed to closed, pending second signature, and if rejected the status is changed back to under investigation for the Security Incident investigation team. This application has a two signature system setup in order to completely close a security incident, and for an investigation to be closed, two people both need to accept the details inputted in the investigation section of the Security Incident investigation. If either person rejects the investigation, the status is changed back to under investigation. Once a security incident investigation is approved by both signatures, there is an option to create a CAPA for any follow-up situations that might need to be addressed.

Video Overview

Did this answer your question?