Understanding breach severity levels

Folelse uses four severity levels for breach records. The level guides your response, your notification obligation, and the urgency of remediation.

Severity levels

  • Low — minimal or no risk to individuals. Unlikely to require ICO notification or individual notification. Example: a single internal email sent to the wrong internal recipient, immediately recalled.
  • Medium — some risk to individuals. May require ICO notification depending on data types. Example: an unencrypted USB drive containing staff names and payroll data lost externally.
  • High — significant risk to individuals. Almost certainly requires ICO notification and likely individual notification. Example: a cyberattack resulting in exfiltration of patient health records.
  • Critical — severe risk. Immediate ICO notification required. Individual notification required. Example: ransomware attack affecting all patient records, or disclosure of data enabling immediate harm (e.g. domestic violence victim's address).

How to reassess severity during an investigation

Initial severity is often set before you have full information. As your investigation progresses, edit the breach record to update the severity. Folelse logs all changes to the severity field in the audit trail, creating a clear investigation timeline.

When in doubt, overestimate severity. It is easier to downgrade after investigation than to face criticism from the ICO for underreporting a serious breach.
