CAF – D2.a Post-Incident Analysis

This article provides additional information on how you can meet the requirement for the CAF control – D2.a Post-Incident Analysis.

Reviewing Incidents and Near Misses

  • Organisations should conduct post-incident analysis for all security incidents and near misses to fully understand their causes and implement appropriate corrective actions.
  • As part of each review, teams should explore “what-if” scenarios to assess how the incident could have escalated and what additional mitigations may be required.

Recording Findings

  • Findings from each post-incident review should be recorded in the organisation’s tracking system.
  • Actions identified during the review should be documented and monitored to completion.

Driving Continuous Improvement

This structured approach ensures the organisation learns from every incident and continually strengthens overall resilience.