The 30 incident.io security checks Black Cat runs
Black Cat SSPM evaluates 30 security policies against your incident.io configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Reduce the number of Incident.io organisation admins to three or fewer
Designate at least one additional Incident.io account owner to avoid single points of failure
Assign a base role to every Incident.io user that currently has none
Assign a base role to users who have custom roles but lack a base role to avoid ambiguous permission sets
Review and reduce custom role assignments for users who hold three or more custom roles to limit privilege creep
configuration
Add at least one action step to workflows that currently have none or remove the workflow if it is unused
Link a Slack account to each Incident.io user so they receive real-time incident notifications and can interact with incidents from Slack
data access
Disable private incident and escalation access in Incident.io workflow settings unless strictly required
data exposure
Review whether public status page exposure is intended and restrict access if not required
data leakage
Add conditions to workflows that run on all incidents without filters to limit unintended data exposure
governance
Assign an owning team to every Incident.io alert source that currently has no owner
Add filtering conditions to alert routes to prevent all alerts from being handled identically
Assign an owning team to every escalation path to establish clear accountability for on-call coverage
Assign an owning team to every on-call schedule to prevent orphaned rotations with no accountable owner
Review and update version-1 active workflows to confirm they still reflect current operational requirements
Set an explicit timezone on every on-call schedule to ensure handoffs and notifications fire at the correct local time
Configure holiday awareness on on-call schedules so responders are not unknowingly scheduled during public holidays
incident response
Add additional responders to each escalation path node to remove single points of failure
Add at least one additional rotation to on-call schedules that have only a single rotation
Ensure every on-call schedule has at least one active shift to maintain continuous incident coverage
Fix or remove Incident.io workflows that are in a disabled or error state
Disable continue-on-step-error in Incident.io workflow settings to ensure reliable workflow execution
Enable auto-resolve on Incident.io alert sources to prevent alerts from remaining open indefinitely
Attach an escalation path to every alert route so that triggered alerts reach on-call responders
Configure alert grouping on alert routes to reduce noise during alert storms
Ensure every escalation path has at least one active responder so that incidents are never silently dropped
Reduce the auto-resolve timeout on alert sources that exceed 24 hours to prevent stale alerts lingering unresolved
Add additional escalation levels to ensure incidents are re-escalated when the first responder does not acknowledge
network security
Enable the IP allowlist in Incident.io security settings to restrict access to trusted IP ranges
Add at least one IP allowlist rule or disable the allowlist to restore access to Incident.io