๐น Minor Incident Report (MIR)
Definition:
A Minor Incident Report documents issues that do not materially impact core reporting outputs, system availability, or regulatory obligations, but still highlight:
- Process flaws
- User behaviour concerns
- Data quality inconsistencies
- Minor breaches of submission protocol or best practice
Purpose:
- To track repeatable issues or patterns
- To identify low-level risk to data reliability or operational friction
- To recommend and log preventative actions without invoking escalation procedures
Examples:
- Users omitting required fields in a submission form
- Retrospective updates not flagged but caught before publishing
- Manual override of a cell that breaks a report but is fixed before use
- Misalignment between HR and Finance metrics, known and manageable
๐ธ Serious Incident Report (SIR)
Definition:
A Serious Incident Report is raised when the incident:
- Undermines data integrity
- Leads to the publication of incorrect data
- Introduces compliance, reputational, or financial risk
- Reflects deliberate circumvention of controls or governance
Purpose:
- To investigate root cause and accountability
- To implement immediate mitigations or rollbacks
- To formally escalate to data owners, governance leads, or IT security
Examples:
- Tampering with protected submission templates to falsify data
- Publishing materially incorrect headcount or financials in a Board pack
- Failing to identify and correct known errors across multiple periods
- Submission of false data under someone elseโs credentials
๐จ Deciding Between Minor and Serious
You can use this quick triage to help classify:
| Question | If Yes, it’s likely… |
|---|---|
| Was published data incorrect or misleading? | Serious |
| Was governance (e.g. protection) knowingly bypassed? | Serious |
| Was the issue caught and corrected before impact? | Minor |
| Is the behaviour repeatable but low-risk? | Minor |
| Does it highlight a systemic control failure? | Serious |