Registration & Login

How do I register for an internal user account?

Go to the Registration Page by clicking the “sign up for an account”, fill out the required details, complete CAPTCHA, and confirm your email within 24 hours. Your account will then undergo approval by NTC CERT administrators or an authorized user.

Why do I need to verify my email?

Email verification ensures the accuracy and security of your account. Unverified accounts are automatically deleted after 24 hours.

What happens if my registration is rejected?

You will receive a notification with the reason for rejection. You may re-apply by correcting the noted issues.

I forgot my password, how can I reset it?

Use the Forgot Password link on the login page. Enter your registered email to receive a reset link.

Why am I being asked for a One-Time PIN (OTP) during login?

Acceptance ensures compliance with the Data Privacy Act of 2012. It confirms that the information you provide is accurate and that you consent to the processing of your personal data by NTC CERT/CSIRT.

Incident Reporting

How do I report an incident in the INMS?

Log in, navigate to File an Incident Report, and fill out the Incident Report Form

What happens after I submit an incident report?

You will receive an acknowledgment with a unique Incident ID. The CERT team will review, classify severity, and notify relevant stakeholders.

Can I track the status of my reported incident?

Yes, you can track progress in the Incident History Log which records all actions, assigned analysts, and timestamps.

Can I update my incident report after submission?

Yes, authorized reporters can add notes, upload attachments, or provide clarifications, but major updates require CERT approval.

Notifications & Alerts

Will I be notified about updates to my reported incident?

Yes, you will receive automated notifications when your incident is acknowledged, escalated, de-escalated, resolved, or closed.

What communication channels are used for notifications?

Notifications are sent via email and in-app alerts within the portal.

Security & Privacy

How does the system protect my account?

The system enforces strong password policies, encryption, hashing, salting, 2FA login, and periodic password updates (every 90 days).

How is my personal data protected?

The INMS complies with the Data Privacy Act of 2012 (RA 10173). All users must accept the Privacy Policy and consent statement during registration.

Technical Support

Who should I contact if I encounter issues with the portal?

You can access the Helpdesk & Technical Support section in your profile to view FAQs, troubleshooting guides, or submit a support ticket.

How do I check the status of my support request?

Each request is assigned a ticket number (HTS-YYYY-MM-NNNNN). You can track it in the Helpdesk module.

CERT Roles (Internal Users – NTC CERT/CSIRT)

CERT Point of Contact (POC)

Submit incident report tickets
Approve and disseminate incident reports and issue a notice to internal/external users
Act as a communication bridge

CERT Analyst

Review, assess, and evaluate incident reports
Fill out IAF1 (Initial Assessment Form) and FAF1 (Final Assessment Form)
Classify incident severity (Low/Medium/High/Critical)
Recommend escalation or closure

CERT Team Leader

Review and approve escalated incident reports from Analysts
Oversee the incident management process
Close incident reports after resolution
Assign/reassign incidents to Analysts

CERT Administrator (Internal)

Full system access within CERT/CSIRT portal
Manage incident routing, escalation, and notifications
Approve or reject new user registrations
Manage forms, notifications, and templates
Access full audit trail/li>

Administrative Roles (NTC Super Admins)

Manage user accounts (internal & external)
Define & assign system roles (RBAC)
Monitor all activities across portals
Configure system policies (timeouts, password expiry, maintenance, etc.)
Access full database, reports, and analytics/li>
Manage Helpdesk, FAQs, Knowledge Base, and System Settings

User & Access Management

How do I approve or reject new user registrations?

Log in to the Admin Dashboard → User Management → Pending. Review the details and approve or reject, and specify the remarks.

How can I create, update, or deactivate user accounts in the INMS?

Administrators can manage accounts through the User Management module. From this section, you can add new users, edit profile details, assign roles, and deactivate accounts when access is no longer required.

Can I deactivate a user’s account?

Yes. Accounts can be deactivated or suspended without deletion for security or compliance purposes.

What roles and permissions are available in the admin portal?

Roles include Reporter, Analyst, Supervisor, and Administrator. Each role has predefined permissions, which can be customized by the system administrator to meet organizational needs.

Can I assign different roles to users?

Yes. INMS uses Role-Based Access Control (RBAC) where roles like Reporter, Analyst, Team Leader, or Admin can be assigned.

Can I assign multiple roles to a single user?

Yes, users may be assigned multiple roles if needed. However, permissions should be carefully managed to avoid conflicts or excessive privileges.

How do I view user activity logs and audit trails?

Audit logs are available in the Users Management > Audit Trail section, where admins can track login history, changes to incident reports, and system configuration updates.

Incident Management

How do I classify an incident’s severity?

Severity is assessed during Incident Report review. Admins/Analysts can classify as Low, Medium, High, or Critical depending on impact and scope.

Can I reassign an incident to another analyst?

Yes. Use the Incident Management Panel to reassign based on availability and expertise.

How are notifications escalated?

The system automatically follows the Severity-Based Notification Matrix, but admins can manually add stakeholders

Can I generate incident reports for management?

Yes. The Reports Module allows exporting incident logs, trends, severity reports, and custom analytics.

How do administrators review and validate submitted incident reports?

Submitted reports appear in the Incident Queue. Administrators can open each report, verify details, attach supporting documents, and approve it for investigation.

Can admins reclassify the severity level of an incident report?

Yes, incident severity can be reclassified after initial review. Changes are logged in the incident’s history to maintain transparency.

Notifications & Escalations

Can I customize the notification templates?

Yes. Admins can edit message templates (acknowledgment, escalation, resolution) under System Maintenance → Notification Templates.

System Administration

Can I update the password/security policies?

Yes. Password length, expiration (e.g., 90 days), and session timeouts are configurable in System Security Settings.

How do I perform system backups?

Scheduled automatic backups are configured in the Admin Console, but manual backups can also be triggered.

Audit & Compliance

Does the system keep audit logs?

Yes. Every login, incident update, and notification is timestamped in the Audit Trail for compliance and review.

Reporting & Analytics

How do admins generate incident trend and performance reports?

Reports can be generated under Database Management System > Reports. Options include incident trends, resolution times, SLA compliance, and recurring threats.

Can reports be exported to PDF, Excel, or other formats?

Yes, reports can be exported in Excel format for easy sharing and documentation.

What analytics dashboards are available in the admin portal?

Dashboards provide visual insights into incident volume, severity distribution, resolution times, and sectoral comparisons.

What are the expected response SLAs for Low, Medium, High, and Critical incidents?

Low: Within 48 hours
Medium: Within 24 hours
High: Within 12 hours
Critical: Immediate acknowledgment and response (within 1–2 hours)

Management & Support

Will users be notified of scheduled system downtime or maintenance?

Yes, the system automatically sends notifications for planned maintenance windows to all active users.

Frequently Asked Questions