Skip to content

Commit 7b4f16b

Browse files
authored
Merge pull request #43 from arjunastha/use-case/SAFE-UC-0019-post-incident-review-drafting
feat: upgrade SAFE-UC-0019 (Post-incident review drafting assistant) to draft
2 parents 6c6d0f9 + ec86f30 commit 7b4f16b

3 files changed

Lines changed: 760 additions & 22 deletions

File tree

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ Quick contributor workflow:
9090
| [SAFE-UC-0016](use-cases/SAFE-UC-0016/) | IT service-desk virtual agent | [Information (51)][naics-51] | Seed |
9191
| [SAFE-UC-0017](use-cases/SAFE-UC-0017/) | Service request triage assistant | [Information (51)][naics-51] | Seed |
9292
| [SAFE-UC-0018](use-cases/SAFE-UC-0018/) | Work-item summarization assistant (thread + context summaries) | [Information (51)][naics-51]<br>[Software Publishers (513210)][naics-513210] | Draft |
93-
| [SAFE-UC-0019](use-cases/SAFE-UC-0019/) | Post-incident review drafting assistant | [Information (51)][naics-51] | Seed |
93+
| [SAFE-UC-0019](use-cases/SAFE-UC-0019/) | Post-incident review drafting assistant | [Information (51)][naics-51] | Draft |
9494
| [SAFE-UC-0020](use-cases/SAFE-UC-0020/) | On-call incident context assistant | [Information (51)][naics-51] | Seed |
9595
| [SAFE-UC-0021](use-cases/SAFE-UC-0021/) | Contact-center agent assist | [Administrative and Support and Waste Management and Remediation Services (56)][naics-56]<br>[Telemarketing Bureaus and Other Contact Centers (561422)][naics-561422] | Draft |
9696
| [SAFE-UC-0022](use-cases/SAFE-UC-0022/) | Security operations investigation assistant | [Professional, Scientific, and Technical Services (54)][naics-54] | Draft |

use-cases.naics2022.crosswalk.json

Lines changed: 109 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -502,15 +502,122 @@
502502
{
503503
"id": "SAFE-UC-0019",
504504
"title": "Post-incident review drafting assistant",
505-
"status": "seed",
505+
"status": "draft",
506+
"maturity": "draft",
506507
"repo_path": "use-cases/SAFE-UC-0019/README.md",
507508
"naics_2022": [
508509
{
509510
"code": "51",
510511
"name": "Information"
512+
},
513+
{
514+
"code": "5132",
515+
"name": "Software Publishers"
516+
},
517+
{
518+
"code": "5182",
519+
"name": "Computing Infrastructure Providers and Data Processing Services"
520+
},
521+
{
522+
"code": "5415",
523+
"name": "Computer Systems Design and Related Services"
511524
}
512525
],
513-
"summary": "Draft post-incident reviews/postmortems from timelines and notes with accuracy checks and sensitive-data handling."
526+
"summary": "AI-assisted drafter that takes incident artifacts (timeline, alerts, chat transcripts, tool-call audit logs, customer-impact data, on-call notes) and drafts the post-incident review plus regulator-facing disclosures (SEC Form 8-K Item 1.05, NIS 2 Article 23, GDPR Article 33, HIPAA 45 CFR 164.412, state-AG, banking 36-hour, DORA Article 19). Sits downstream of SAFE-UC-0024 (terminal SRE outage) and SAFE-UC-0022 (SOC investigation). Defining inversion: the AI's primary output IS the regulated text. 8-stage kill chain with 5 stages NOVEL across timeline-fact integrity, causal-chain hallucination, action-item commitment fabrication, AI-drafted regulator-filing hallucination, and materiality-determination influence. Draws from Google SRE Workbook Chapter 10 blameless-culture norms, PagerDuty community PIR template, NIST SP 800-61, and ISO/IEC 27035-1/-2 incident-management frameworks.",
527+
"workflow_family": "Post-incident review and regulated-disclosure drafting",
528+
"operating_modes": [
529+
"manual",
530+
"hitl",
531+
"autonomous"
532+
],
533+
"tags": [
534+
"post-incident-review",
535+
"postmortem",
536+
"blameless-culture",
537+
"incident-response",
538+
"regulated-disclosure",
539+
"sec-item-1-05",
540+
"nis-2-article-23",
541+
"gdpr-article-33",
542+
"hipaa-breach-notification",
543+
"dora-article-19",
544+
"state-ag-breach",
545+
"banking-36-hour",
546+
"iso-27035",
547+
"nist-sp-800-61",
548+
"soc-2-cc7",
549+
"itil-major-incident",
550+
"materiality-determination",
551+
"hallucination-regulated-text",
552+
"tenant-isolation",
553+
"eu-ai-act-article-50"
554+
],
555+
"evidence": [
556+
{
557+
"label": "Google SRE Workbook, Chapter 10: Postmortem Culture: Learning from Failure (the canonical blameless-postmortem reference)",
558+
"url": "https://sre.google/workbook/postmortem-culture/"
559+
},
560+
{
561+
"label": "PagerDuty: Postmortems documentation (legacy postmortems.pagerduty.com community guide; the de facto industry reference)",
562+
"url": "https://postmortems.pagerduty.com/"
563+
},
564+
{
565+
"label": "incident.io: Post-mortem features (template, AI-generated summary, action-item tracking)",
566+
"url": "https://incident.io/post-mortem"
567+
},
568+
{
569+
"label": "FireHydrant: Retrospectives + Reliability AI",
570+
"url": "https://firehydrant.com/product/retrospectives/"
571+
},
572+
{
573+
"label": "Rootly: Retrospectives and Rootly AI for incident communications",
574+
"url": "https://rootly.com/features/retrospectives"
575+
},
576+
{
577+
"label": "SEC Cybersecurity Disclosure Rules: Form 8-K Item 1.05 (released 26 July 2023; effective for large filers 18 December 2023; smaller reporting companies 15 June 2024)",
578+
"url": "https://www.sec.gov/newsroom/press-releases/2023-139"
579+
},
580+
{
581+
"label": "Directive (EU) 2022/2555 (NIS 2): Article 23 incident reporting (24-hour early warning, 72-hour notification, 1-month final report)",
582+
"url": "https://eur-lex.europa.eu/eli/dir/2022/2555/oj"
583+
},
584+
{
585+
"label": "Regulation (EU) 2016/679 (GDPR): Article 33 personal-data-breach notification (72 hours)",
586+
"url": "https://eur-lex.europa.eu/eli/reg/2016/679/oj"
587+
},
588+
{
589+
"label": "NIST SP 800-61 Rev 2: Computer Security Incident Handling Guide (August 2012)",
590+
"url": "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf"
591+
},
592+
{
593+
"label": "ISO/IEC 27035-1:2023: Information security incident management Part 1: Principles and process",
594+
"url": "https://www.iso.org/standard/78973.html"
595+
},
596+
{
597+
"label": "ISO/IEC 27035-2:2023: Information security incident management Part 2: Guidelines to plan and prepare for incident response",
598+
"url": "https://www.iso.org/standard/78974.html"
599+
},
600+
{
601+
"label": "HIPAA Breach Notification Rule (45 CFR 164.400 to 164.414; HHS canonical reference)",
602+
"url": "https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html"
603+
},
604+
{
605+
"label": "Federal banking Computer-Security Incident Notification Rule (12 CFR Parts 53, 225, 304; FDIC final-rule press release)",
606+
"url": "https://www.fdic.gov/news/press-releases/2021/pr21099.html"
607+
},
608+
{
609+
"label": "Regulation (EU) 2022/2554 (DORA Digital Operational Resilience Act; applicable from 17 January 2025)",
610+
"url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj"
611+
},
612+
{
613+
"label": "OWASP Top 10 for LLM Applications (2025)",
614+
"url": "https://genai.owasp.org/llm-top-10/"
615+
},
616+
{
617+
"label": "NIST AI 600-1: AI Risk Management Framework Generative AI Profile (July 2024)",
618+
"url": "https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf"
619+
}
620+
]
514621
},
515622
{
516623
"id": "SAFE-UC-0020",

0 commit comments

Comments
 (0)