Incident Response
This guide covers the procedures for identifying, responding to, documenting, and reviewing security incidents in Turqoa. Operators are the first line of response, with escalation paths to security teams and terminal management.
Incident Types and Severity
Turqoa classifies security incidents by type and severity to ensure appropriate response.
| Severity | Label | Response Time | Examples |
|---|---|---|---|
| P1 | Critical | Immediate (< 2 min) | Active intrusion, unauthorized vessel approach, physical threat |
| P2 | High | < 5 min | Perimeter breach (unmanned), unidentified vehicle in restricted zone |
| P3 | Medium | < 15 min | Tailgating at gate, loitering in secured area, camera tampering |
| P4 | Low | < 60 min | Minor policy violation, equipment malfunction, false alarm confirmation |
Incident Categories
| Category | Description | Typical Severity |
|---|---|---|
| Intrusion | Unauthorized entry into a secured zone | P1 - P2 |
| Perimeter breach | Physical breach of fence, wall, or barrier | P1 - P2 |
| Unauthorized vehicle | Vehicle in restricted area without clearance | P2 - P3 |
| Tailgating | Vehicle follows another through a controlled gate without authorization | P3 |
| Loitering | Person or vehicle remaining in a zone beyond the allowed duration | P3 - P4 |
| Camera/sensor tamper | Deliberate obstruction or damage to surveillance equipment | P2 - P3 |
| Maritime threat | Unauthorized vessel approach or waterside intrusion | P1 - P2 |
Response Procedures
Step 1: Acknowledge the Incident
When an alert appears in the Incident Panel:
- Click the alert to open the incident detail view.
- Review the AI-generated summary, affected zone, and camera feeds.
- Click Acknowledge to indicate you are handling the incident. This stops the escalation timer.
Step 2: Assess the Situation
- Review all available camera angles for the affected zone.
- Check the zone map for the incident location relative to critical assets.
- Determine if the incident is a true positive or false alarm.
- If false alarm, mark as False Positive with a reason and close.
Step 3: Respond
For confirmed incidents:
- Notify on-site security via the integrated radio/intercom panel if physical response is needed.
- Dispatch a drone for aerial verification if the zone is not fully covered by fixed cameras.
- Lock down affected zones by triggering gate closures or barrier activations from the Command Center.
- Escalate to terminal security manager for P1 incidents.
Step 4: Document
All actions taken during the incident are automatically logged. Additionally:
- Add manual observations using the incident notes field.
- Tag relevant camera snapshots as evidence.
- Record the outcome (resolved, false alarm, escalated to law enforcement).
Drone Dispatch Protocol
Turqoa integrates with autonomous drones for rapid aerial verification of security incidents.
Dispatch Criteria
| Criteria | Action |
|---|---|
| P1 or P2 incident in an area with limited camera coverage | Dispatch immediately |
| Perimeter breach with no visual confirmation | Dispatch for verification |
| Incident in a large open area (yard, laydown zone) | Dispatch for situational awareness |
| False alarm rate > 50% for a zone | Dispatch to verify before committing ground resources |
Dispatch Procedure
- From the incident panel, click Dispatch Drone.
- Select the target zone or enter GPS coordinates.
- Choose the mission type:
- Inspection --- Fly to location, hover, and stream video (default)
- Patrol --- Fly a predefined route around the zone perimeter
- Track --- Follow a moving target identified by AI
- Monitor the drone's live feed in the Drone Control panel.
- When the mission is complete, the drone returns to its charging pad automatically.
Note: Drones operate within pre-configured geofenced zones and altitude limits. They cannot be manually flown outside these boundaries from the Command Center.
Evidence Capture
During an incident, Turqoa automatically captures and preserves evidence:
- Video clips --- 30-second pre-event and continuous recording during the incident from all cameras covering the zone.
- Snapshots --- High-resolution still frames at the moment of detection and at operator-selected points.
- AI detections --- Bounding boxes, classification labels, and confidence scores for all detected objects.
- Audit trail --- Timestamped log of every operator action, system event, and decision.
All evidence is stored with tamper-evident checksums and can be exported as a single incident package.
Incident Documentation
After resolving an incident, complete the incident report:
- Summary --- One-paragraph description of what happened.
- Timeline --- Key events with timestamps (auto-populated from the audit trail).
- Root cause --- What triggered the incident (actual threat, environmental factor, system error).
- Actions taken --- List of all response actions.
- Outcome --- Final resolution (threat neutralized, false alarm, referred to law enforcement).
- Recommendations --- Suggestions for preventing recurrence.
Post-Incident Review
For P1 and P2 incidents, a formal review should be conducted within 48 hours.
Review Agenda
- Replay the incident timeline using Turqoa's Incident Replay feature.
- Evaluate response time against SLA targets.
- Identify any gaps in camera coverage or AI detection.
- Review operator actions for adherence to protocol.
- Document lessons learned and action items.
- Update response procedures if needed.
The review is recorded in Turqoa and linked to the original incident for compliance purposes.