Who is this article for?

Users who want to learn more about the new Incident management 25.4 release.

No elevated permissions are required.

To improve data integrity, streamline investigations, and strengthen system accountability, we’ve introduced a series of enhancements across incident management workflows. These updates give administrators and users greater control over locked content, investigation depth, and lifecycle transparency—without disrupting existing functionality.

1. Enhanced incident closure controls for improved data integrity

To strengthen data integrity and ensure audit compliance, we’ve introduced enhanced configuration options that allow system administrators to lock additional sections of an incident once it is marked as closed. This update provides greater control over incident data post-resolution, reducing the risk of unauthorised edits and improving overall system reliability. It is fully configurable, publicly available, and does not impact existing functionality.

Previously, only certain sections of a closed incident were locked, leaving others editable and vulnerable to post-closure modifications. This could lead to inconsistencies and compromise the integrity of incident records. The new enhancement addresses this by allowing administrators to selectively lock additional sections, including:

• Case management
• Lessons learned details
• Attachments
• Confidential attachments

Each section has its own configuration, giving administrators granular control over which areas are locked. These configurations are only effective when incident status and lock incident settings are enabled. If the lock configuration for case management or lessons learned details is active, the system will validate these sections before allowing the incident to be closed. The close option will remain unavailable until all applicable sections are saved or closed.

The existing edit locked incident permission continues to apply to these newly locked sections. Once configured, these settings will automatically apply to incidents that are already closed, unless the case is not closed or the lessons learned details have not been saved.

Additionally, administrators can enable the reopen status for locked incidents configuration. When active, users with the change incident status permission can reopen a locked incident, which will unlock it for editing. To delete a locked incident, users must first reopen it, unless they already have the edit locked incident permission.

Note: This enhancement introduces no impact to existing incidents or workflows, ensuring a smooth transition for all users.

2. AI-assisted 5-Why investigation for deeper root cause analysis

• Configurable: No
• Title: N/A
• Public/Private: N/A
• Default: N/A
• Impacts: No impact

To improve the consistency and depth of incident investigations, we’ve introduced AI-assisted support for the 5-Why methodology. This enhancement helps guide users through more effective root cause analysis by suggesting relevant follow-up questions based on context and prior inputs.

Previously, the 5-Why process relied entirely on manual input, requiring users to determine each subsequent “Why” independently. This often led to inconsistent results and limited insight. With the new enhancement, investigators can now request Gen-AI recommendations by clicking the AI icon within each contributing factor container, provided the following conditions are met:

• The feature is subscribed.
• The user has edit investigation permission.
• The incident is not locked.
• The 5-Why section is configured for the incident type.

The Gen-AI model analyzes the current “Why” and dynamically suggests context-aware follow-up questions. This streamlines the investigation process, reduces cognitive load, and promotes more thorough root cause identification.

3. Locking completed detail reports for frontline employees

• Configurable: No
• Title: Lock completed detail reports for frontline employees
• Public/Private: Public
• Default: No
• Impacts: Mobile

To preserve the integrity of submitted reports and prevent unauthorized changes, we’ve introduced a locking mechanism for detail reports and attachments once they are marked complete. This enhancement ensures that frontline employees cannot modify finalized content, while still allowing supervisors or authorized users to make necessary updates.

Previously, frontline users could continue editing reports and attachments post-completion, creating risks around data accuracy and accountability. With the new update:

• Existing permissions have been renamed to edit incomplete detail report incident and edit attachment for incomplete detail report.
• These permissions apply only while the report is incomplete.
• Once marked complete, users with these permissions can view but not edit the report or attachments.
• A new permission, edit complete detail report incident, has been introduced and is automatically assigned to roles with edit incident report.

This ensures that only authorized users can modify completed reports, maintaining the reliability of submitted data.

4. Mandatory reason required for reopening closed incidents

• Configurable: No
• Title: Require reason for reopening closed incidents
• Public/Private: Public
• Default: No
• Impacts: No impact

To improve traceability and accountability, the system now requires users to provide a reason when reopening a closed incident. This enhancement ensures that all status changes are properly documented and visible to stakeholders.

Previously, incidents could be reopened without explanation, which posed challenges for audit tracking and lifecycle management. With the new update:

• Users are prompted to enter a reason (up to 500 characters) before reopening.
• The reason is displayed in a new section called incident status change history at the bottom of the incident summary screen.
• This section tracks status changes from open to close and close to reopen, along with the reason provided.
• The functionality is tied to the incident status configuration.

Note: This enhancement promotes transparency and strengthens the integrity of incident records.