This lesson covers opening an investigation against a triaged incident, then walking through the investigation detail page so you know what each section is for. By the end you'll be able to scope an investigation, assign it to the right group, and pick the right access level.
What you'll cover:
Where investigations live. The six-step incident lifecycle (Reported, Triage, Investigation, Response, Resolved, Closed) and where Investigation fits, plus when triage decides an incident needs one: anything notifiable, anything alleging misconduct, or anything where the cause isn't obvious.
Opening the investigation. The Open New Investigation dialog and its three inputs: the Assign to Group selector (the handler group whose members do the work), the access level, and optional Investigation Scope and Instructions that become part of the record.
Full Access vs Limited Access. Full giving the group the whole incident record, and Limited restricting them to what they need, the default for sensitive matters like bullying or harassment and for external investigators.
The detail page and tabs. The five summary cards (Status, Outcome, Investigator, Started, Statements) and the tabs beneath: People & Statements, Findings, Tasks, Comments, and Activity Log.
Key takeaways:
Not every incident gets an investigation. Triage decides, and investigations are how you build the record for notifiable, misconduct, or unclear-cause incidents.
The access choice has real consequences: Limited protects the people involved and is the rule of thumb for sensitive matters, so pick it unless there's a specific reason to widen access.
The investigation is its own object with its own reference (INV, year, number) linked to the incident, which is what gives you a clean audit trail from open to close.
IN THIS COURSE
3
.
O13. Incident reporting and triage
3
min
1
.
O14. Shareable reporting links, QR codes, and multi-channel deployment
1
min
4
.
O15. Incident handler groups, SLAs, and escalation rules
4
min
4
.
O16. Opening and managing investigations
4
min
4
.
O17. Collecting statements, managing people involved, and the investigation record
4
min
2
.
O18. Incident resolution
2
min
3
.
O19. Notifiable incidents and regulatory deadlines
3
min
3
.
O20. Worker self-service incident reporting and the portal experience
3
min
