TS-RDC-04 - Serious-incident reporting & escalation

TS-RDC-04 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

Serious-incident reporting & escalation

Assesses whether the organization has a clear, documented process for identifying, reporting, and escalating serious incidents to the board and all relevant regulatory bodies in a timely manner. The organization must maintain an ‘Applicable Regulators Matrix’ mapping its activities (e.g., children’s work, healthcare, housing, overseas operations) to relevant notification regimes (e.g., Charity Commission/OSCR/CCNI, ICO, HSE/RIDDOR, LADO/police, OfS, CQC/Ofsted/RSH, HMRC, Fundraising Regulator) to ensure precise compliance.

UK Charity Law

The Essential Trustee (CC3)
Reporting a serious incident (RSI guidance)
Internal financial controls for charities (CC8)

ISO Standards

ISO/IEC 27001:2022 — Incident mgmt (A.5.24-A.5.27)
ISO 22301:2019 — Incident/comms (cl. 8.4)

Excellence Frameworks

Other Regulatory

Related Criteria

TS-RDC-01 Multi‑scenario financial stress‑testing documented TS-RDC-02 Complaints & whistle-blowing mechanism TS-RDC-03 Due-diligence on delivery partners TS-RDC-05 Cyber-security baseline (NCSC Cyber Essentials – UK) TS-RDC-06 GDPR accountability & DPIA log

Version

2.9.7 2025-11-05

Discussion (1)

Administrator 2026-03-07 11:07:51.096258

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json

Back to Criteria

Unite

Empower

Serve

About

Serious-incident reporting & escalation

Related Criteria

Discussion (1)