Overview#
A senior executive activates an SOS alert from her phone in a city where civil unrest has just broken out. The incident is created within seconds of the activation. Her location is linked automatically. Her emergency contacts are notified. The response team sees the incident in real time and begins coordination. Every communication, every evidence item, and every action taken in the next two hours is logged to a chronological timeline that becomes the definitive incident record.
Speed at the moment of activation and completeness through the lifetime of the incident, the DoC Incident domain delivers both.
Key Features#
- SOS activation and incident creation with rapid response design.
- Incident lifecycle tracking from creation through resolution.
- Communications logging for all incident-related interactions.
- Evidence collection and attachment management.
- Timeline management with chronological event tracking.
- Real-time WebSocket subscriptions for live incident updates.
- Incident severity classification and prioritisation.
- Multi-party incident coordination and assignment.
Use Cases#
Corporate travel security teams manage SOS activations from employees in high-risk environments, with rapid incident creation ensuring that response workflows start the moment an alert is activated rather than waiting for manual processing.
Duty of care operators track incident progress with real-time updates, keeping every team member with a role in the response synchronised on the current situation without separate coordination calls.
Response coordinators collect and organise evidence during active incidents, communications logs, location data, supporting documents, into a structured record that serves as both the operational record and the post-incident report.
Security operations managers coordinate multi-party responses involving the traveler, local security providers, and home office security teams, with assignment tracking ensuring that every task has a clear owner.
Integration#
Integrates with alert management, location services, and evidence management for comprehensive duty of care incident response.
Open Standards#
- GraphQL (June 2018 specification): All incident queries, mutations, and live-update subscriptions are served through a GraphQL API built with Strawberry, giving clients fine-grained control over the fields they retrieve.
- RFC 6455 WebSocket: Real-time incident creation, status-change, and resolution events are pushed to connected command-centre clients via WebSocket, eliminating polling for live operational dashboards.
- OASIS Common Alerting Protocol (CAP) 1.2: Incidents can be exported as CAP 1.2 XML documents (namespace
urn:oasis:names:tc:emergency:cap:1.2), enabling interoperability with alerting aggregators, public-warning systems, and emergency dispatch platforms that consume the OASIS standard. - NIEM 6.0 (National Information Exchange Model): Incidents can be exported as NIEM 6.0 JSON using the Emergency Management and NIEM Core namespaces, supporting information exchange with law-enforcement, justice, and emergency-management systems that require NIEM-conformant payloads.
- EDXL-SitRep / EDXL-RM (OASIS Emergency Data Exchange Language): The canonical incident
incident_statefield uses EDXL-SitRep vocabulary (notified, assessing, etc.), and the incident linker accepts inbound resources via EDXL-RM, allowing integration with wider emergency-management information-sharing networks. - ISO 8601 / RFC 3339: Every incident timestamp, activation, status change, and resolution, is serialised as an ISO 8601 / RFC 3339 string, ensuring unambiguous interchange with external systems and audit log consumers.
- OGC EPSG:4326 (WGS 84): Incident and evidence locations are stored as PostGIS geography columns with SRID 4326, the global geodetic datum referenced by OGC standards, and coordinates are exposed as decimal latitude and longitude pairs throughout the API.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14