Incidents vs issues
What this is
Incidents are real-world events that happened — breaches, outages, phishing attacks. Issues are compliance gaps that exist — weak policies, missing controls, non-compliant conditions. They are tracked separately because they require different responses.
What to do
Use the Incidents tab when something happens. Use the Issues tab when you find something wrong with your compliance posture. If an incident reveals a gap, create an issue to track the underlying fix.
Why it matters
Separating events from gaps gives you and your auditors a clear picture of what happened (incidents) versus what needs to change (issues).
What happens next
Both registers contribute to your Exposure score when items remain open. Resolving items in both registers strengthens your overall governance position.
