3.6.2 Track, document, and report incidents to designated officials and/or authorities both internal and external to the organization. You are an IT manager, answer the following questions: Is a formal documented event and incident tracking process or mechanism in place? Have authorities to whom incidents are reported been identified? Are records kept of authorities being notified of incidents? Are all employees and contractors aware of their responsibility to report information security events or weaknesses to the appropriate management channels in a timely manner?.