Incident and Support¶
Objective¶
This page offers a common path for reporting issues, opening support requests, and responding to incidents in Cafh.
Why this matters¶
When something goes wrong, people need a path they can remember. A calm reporting flow reduces delay, protects evidence, and helps Cafh stay coordinated with providers and internal owners. It also turns a stressful moment into a shared process instead of isolated reactions. Good records help the committee learn from each case and spot patterns over time.
Risks this page helps reduce¶
- Delayed response
- Lost evidence
- Long outages
- Public confusion
- Repeated incidents with the same root cause
- Larger harm to data, members, or brand
What must be reported¶
The reporting threshold should stay low. Cafh gains more from an early report that turns out minor than from a late report that arrives after harm grows. Members do not need full proof before they report a concern.
- Website outage
- Member area outage
- Account compromise
- Suspicious login or phishing
- Lost or stolen personal device used for Cafh work
- Suspected compromise of a personal device used for Cafh work
- Abuse of an official email account
- Social media takeover
- Abuse of an official social media account
- Data exposure or data loss
- Broken function in a critical internal app
- Vendor failure on a contracted service
Report path¶
- Send the issue to the committee at once.
- Record service name, date, and visible impact.
- Mark the issue as urgent or standard.
- Name the person who will talk with the vendor.
- Record every action and vendor reply.
The committee must define and maintain the intake path for these reports. That path may be a shared email address, a form, a ticket tool, or another approved channel. The chosen path must be known, easy to find, and reviewed on a regular schedule. A simple and trusted path matters more than a complex tool.
Process map¶
This diagram shows one simple path from intake to closure.
flowchart LR
A["Issue or request received"] --> B["Open case record"]
B --> C{"Urgent or standard?"}
C -- "Urgent" --> D["Start containment"]
C -- "Standard" --> E["Review and assign owner"]
D --> F["Contact vendor or internal owner"]
E --> F
F --> G["Track actions and updates"]
G --> H{"Resolved?"}
H -- "No" --> I["Escalate and update record"]
I --> G
H -- "Yes" --> J["Record cause, actions, and follow-up"]
J --> K["Close case"]Status map¶
This sample helps the committee keep one status language for every case.
stateDiagram-v2
[*] --> New
New --> Triage
Triage --> InProgress
Triage --> WaitingForVendor
WaitingForVendor --> InProgress
InProgress --> Monitoring
Monitoring --> Closed
InProgress --> Escalated
Escalated --> Monitoring
Triage --> ClosedUrgent issues¶
Urgent means harm is active or can grow fast. The first goal is not a full explanation. The first goal is containment, record keeping, and a clear owner for the next step.
Urgent issues include:
- Public site down
- Member area down
- Account compromise
- Data exposure
- Brand misuse on an official channel
For urgent issues:
- Report the same day
- Contact the vendor through the fastest approved path
- Limit access or take the service offline if needed
- Notify committee leadership at once
Request types and required information¶
Not every case needs the same pace or the same fields. A clear case type helps the committee ask for the right facts without overloading the person who reports the issue.
Use one clear record for each case type.
| Case type | Use it for | Required information |
|---|---|---|
| Standard support request | Bug, access problem, change request, or vendor help case with no immediate harm | service, summary, steps to reproduce, visible impact, requester, desired date, screenshots or links |
| Urgent incident | Outage, compromise, data exposure, or active service failure | service, first seen time, current impact, affected users, containment actions, evidence, vendor contact, next update time |
| Personal device security case | Lost, stolen, or compromised personal device used for Cafh work | device type, owner, last known use, Cafh accounts used, local Cafh files, suspected cause, immediate actions taken |
| Abuse report | Misuse of official email, social media, or public brand assets | account or channel, date and time, abuse type, evidence link, public impact, current access state, reviewers |
| Data incident | Loss, exposure, wrong sharing, or unauthorized export of member data | system, data set involved, first seen time, scope, who had access, containment actions, vendor involvement, legal review need |
Personal device loss or compromise procedure¶
Use this path for a lost, stolen, or compromised personal phone or computer that was used for Cafh work. Same-day action matters here. Delay can leave sessions open, data exposed, or recovery paths in the wrong hands.
- Stop Cafh work on the device at once.
- Disconnect the device from the network if compromise is suspected.
- Tell the committee the same day.
- From a clean device, change passwords for the Cafh accounts used on that device.
- Revoke active sessions or tokens where the service supports that action.
- Record what Cafh data, mailboxes, or apps were on the device.
- Rotate shared credentials or recovery paths that may be exposed.
- Decide if the case is a data incident, account incident, or vendor case.
- Restore access only after the review is complete.
Personal device response map¶
flowchart LR
A["Personal device lost, stolen, or compromised"] --> B["Stop Cafh work on that device"]
B --> C["Report to committee the same day"]
C --> D["Use a clean device"]
D --> E["Change passwords and revoke sessions"]
E --> F["Record accounts, apps, and local files involved"]
F --> G{"Restricted data at risk?"}
G -- "Yes" --> H["Open data incident review"]
G -- "No" --> I["Track follow-up and restore access"]
H --> ISample standard support request¶
Use this template for a normal support case.
| Field | Sample value |
|---|---|
| Request ID | SUP-2026-014 |
| Date | 2026-04-22 |
| Requester | Marta S. |
| Service | Member area |
| Summary | Password reset email is not reaching some members |
| Steps to reproduce | Open reset form, submit account email, wait 10 minutes, no message arrives |
| Visible impact | Members cannot recover access without manual help |
| Desired date | 2026-04-23 |
| Evidence | Screenshot of reset page and mail logs |
| Owner | Luis M. |
Sample urgent incident report¶
Use this template for outages, compromise, or suspected security events.
| Field | Sample value |
|---|---|
| Incident ID | INC-2026-007 |
| Date opened | 2026-04-24 |
| First seen | 2026-04-24 08:15 UTC |
| Reporter | Ana R. |
| Service | cafh.org public website |
| What happened | Website returns an error page and does not load |
| Current impact | Public site unavailable |
| Affected users | Public visitors and staff who publish updates |
| Containment action | Website vendor contacted and admin access review started |
| Evidence | Browser screenshot and uptime alert link |
| Vendor contact | Support ticket DO-44391 |
| Next update time | 2026-04-24 09:00 UTC |
Sample abuse report¶
Use this template for misuse of official email, social media, or brand channels.
| Field | Sample value |
|---|---|
| Case ID | ABU-2026-003 |
| Date opened | 2026-04-25 |
| Reporter | Communications team |
| Account or channel | Official Facebook page |
| Abuse type | Unauthorized post |
| Date and time of event | 2026-04-25 14:10 UTC |
| Public impact | One public post with false event details |
| Immediate action | Post hidden and publishing access paused |
| Evidence | Post link and screenshot |
| Reviewers | Marta S. and Ana R. |
Sample data incident report¶
Use this template for data loss, exposure, or wrong sharing.
| Field | Sample value |
|---|---|
| Case ID | DAT-2026-002 |
| Date opened | 2026-04-26 |
| Reporter | Membership owner |
| System | Member database |
| Data involved | Member names, email addresses, and local group fields |
| What happened | Export file sent to the wrong recipient |
| Scope | 120 member records |
| Containment action | Recipient contacted, file deletion requested, export rights under review |
| Vendor involvement | None |
| Legal or privacy review | Committee review opened the same day |
| Follow-up owner | Ana R. |
Sample personal device security report¶
Use this template for a lost, stolen, or compromised personal device.
| Field | Sample value |
|---|---|
| Case ID | DEV-2026-001 |
| Date opened | 2026-04-27 |
| Reporter | Marta S. |
| Device type | Personal phone |
| What happened | Phone was stolen during travel |
| Last Cafh use | 2026-04-27 12:10 UTC |
| Cafh accounts used on device | Official email, Facebook, password manager mobile app |
| Local Cafh data on device | No local files known |
| Immediate actions | Passwords changed from clean laptop and sessions revoked |
| Follow-up need | Review social media access and mail recovery path |
Abuse case report¶
Use this path for abuse or misuse of an official email or social account. Abuse cases affect trust as much as systems. A false post, hostile reply, or impersonation attempt can spread before the technical fix is complete. The report must preserve evidence and public impact from the start.
- Record the account name
- Record date and time
- Save a screenshot, message copy, or link
- Record who reported the case
- Record public impact and brand impact
- Send the case to the committee for review
- Pause access or posting when risk is high
Standard support requests¶
Standard support still needs discipline. A vague message creates delay, repeated questions, and weak follow-up. One clear request saves time for Cafh and for the provider.
- Send one clear request
- Include steps to reproduce the issue
- Include screenshots or links
- Include desired date and business impact
- Wait for committee review before vendor contact
Sample case register¶
This table can live in a shared sheet or later in a request service.
| Case ID | Type | Service | Priority | Status | Owner | Vendor involved | Last update |
|---|---|---|---|---|---|---|---|
| SUP-2026-014 | Standard support | Member area | Medium | In progress | Luis M. | Yes | 2026-04-22 |
| INC-2026-007 | Urgent incident | Public website | High | Monitoring | Marta S. | Yes | 2026-04-24 |
| ABU-2026-003 | Abuse report | Official Facebook page | High | Under review | Ana R. | No | 2026-04-25 |
| DAT-2026-002 | Data incident | Member database | High | Escalated | Ana R. | No | 2026-04-26 |
| DEV-2026-001 | Personal device security case | Personal phone used for official email | High | In progress | Marta S. | No | 2026-04-27 |
Closure¶
Closure is not the moment the tool starts working again. Closure happens after Cafh records what failed, what changed, and what still needs review.
- Record root cause
- Record vendor actions
- Record account or password changes
- Record follow-up tasks
- Record lessons for future work