What is the recommended approach to incident response for data incidents in Foundry?

Incidents are best handled through a structured, proactive cycle: detect via alerts, triage with logs and lineage to understand the scope and impact, apply remediation to contain and fix the issue, and document a post-incident review to capture root cause, actions taken, and lessons learned. This approach ensures timely identification of problems, accurate assessment of what data and components are affected through logs and provenance, effective containment and repair, and a documented plan to prevent recurrence and support audits. Relying solely on user reports can miss early signals and delay action; waiting for formal audits before acting leaves problems unresolved; ignoring the incident is dangerous and unacceptable.