Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.matproof.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Matproof’s Incidents module manages the full lifecycle of ICT incidents under DORA — from initial detection through NCA notification, resolution, and post-incident review. Every incident you log generates linked evidence automatically.

DORA incident reporting requirements

DORA mandates that financial entities report major ICT incidents to their competent authority (NCA) within strict deadlines:
Report typeDeadlineTrigger
Initial notification4 hoursIncident classified as major
Intermediate report72 hoursAfter initial notification
Final report1 monthAfter incident resolution
The 4-hour clock starts when the incident is classified as major — not when it is detected. Classification happens in Matproof after you assess the incident against DORA’s criteria.

What makes an incident “major”

DORA defines a major ICT incident by the following criteria. Matproof guides you through each one during classification:
  • Number of clients affected — threshold varies by entity type
  • Duration — incidents exceeding defined downtime thresholds
  • Geographic spread — impact across multiple member states
  • Data loss — availability, integrity, or confidentiality impact
  • Criticality of services — payment, trading, custody, or other critical functions affected
  • Economic impact — financial loss to the entity or clients
Matproof computes a classification recommendation based on your inputs. You confirm or override, and the 4-hour timer starts on confirmation.

Incident lifecycle

Every incident moves through five stages: 
Detection → Classification → Notification → Resolution → Post-Incident Review
Each stage is timestamped. Matproof tracks time elapsed between stages so you can see at a glance whether you are inside the DORA reporting window.

Creating an incident

  1. Go to IncidentsNew incident
  2. Fill in the detection details:
    • Title — short description of the incident
    • Detection date and time — when your team first became aware
    • ICT systems affected — select from your registered assets
    • Initial description — what is known at time of logging
  3. Save as draft — the incident is now in Detection stage
Log incidents as soon as they are detected, even if details are incomplete. You can update the incident record as the situation develops. Early logging protects you if the incident later meets major criteria.

Classifying severity

After detection, classify the incident:
  1. Open the incident → Classify
  2. Step through each DORA major incident criterion
  3. Matproof calculates a severity recommendation:
    • Minor — below all major thresholds, internal handling only
    • Significant — approaching thresholds, monitor closely
    • Major — meets one or more DORA major criteria, NCA notification required
  4. Confirm the classification
If you classify an incident as major, the 4-hour NCA notification timer activates immediately and appears at the top of the incident record.

Generating the NCA notification

For major incidents, generate the initial notification report directly from Matproof:
  1. Open the incident → Generate reportInitial notification
  2. Review the pre-filled report — Matproof pulls in incident details, affected services, and classification rationale
  3. Add any additional context required by your NCA
  4. Export as PDF or submit via the NCA’s reporting portal
Report templates follow the DORA regulatory technical standards (RTS) format. You can customize the template under Settings → Incident reporting.
Repeat the process at 72 hours for the intermediate report and at resolution for the final report. Matproof reminds you of each deadline via in-app notification and email.

Logging resolution steps

As the incident progresses, document your response in the timeline:
  • Go to the incident → Timeline tab → Add entry
  • Choose entry type: action taken, status update, escalation, or external communication
  • Attach supporting files (runbooks, screenshots, logs)
All timeline entries are timestamped and linked to the responsible team member.

Post-incident review

After resolution, DORA requires a post-incident analysis to identify root cause and prevent recurrence.
  1. Open the incident → Post-incident review
  2. Complete the review fields:
    • Root cause — what caused the incident
    • Detection gap — why it was not caught earlier
    • Response effectiveness — what worked, what did not
    • Corrective actions — tasks to prevent recurrence (linked to your task tracker)
  3. Mark the review as complete
Link corrective actions directly to controls in your compliance framework. This closes the loop between incident management and your ongoing control program.

Evidence integration

Every incident automatically generates evidence records that attach to relevant DORA controls:
  • Incident log → evidence for DORA Art. 17 (ICT-related incident management)
  • NCA notification report → evidence for DORA Art. 19 (reporting obligations)
  • Post-incident review → evidence for DORA Art. 17 (lessons learned)
View linked evidence on the incident detail page under the Evidence tab.

Risk Management

Link incident root causes to risks in your risk register

Evidence Collection

Understand how incident evidence maps to your controls