Cases & Manual Review
Learn how evaluations flagged for human review become cases, how case queues work, and how reviewers issue final decisions.
A case is the record created when an evaluation routes to manual review. Cases are created when certain risk rules are triggered within a workflow and the decision is REVIEW, or when a Manual Review step is reached. Not every evaluation creates a case — only those flagged for human review.
Each case contains the decision, enrichment data, signals, tags, reason codes, and the full execution trace. Cases are routed to a Case Queue for human review.
Case lifecycle
| Phase | What happens |
|---|---|
| Creation | An evaluation completes (or reaches Manual Review). RiskOS™ creates a case with the decision, enrichment data, and execution trace. |
| Queue assignment | Cases with a REVIEW decision are placed in a Case Queue based on the workflow configuration. |
| Team assignment | A reviewer or team lead assigns the case to a specific reviewer. |
| Investigation | The reviewer examines enrichment data, signals, decision paths, and related cases in the Case View. |
| Status updates | The case moves through statuses (Open → On Hold → Closed) and customizable sub-statuses. |
| Final decision | The reviewer makes a decision: Accept or Reject. |
| Communication | The decision is communicated back to your system via webhook (decision_update event) or API. |
Case statuses
RiskOS™ defines three top-level case statuses:
| Status | Description |
|---|---|
| Open | Newly created, awaiting assignment or review |
| On Hold | Paused pending additional information or action |
| Closed | Final decision made, case resolved |
Each status supports sub-statuses that are fully customizable per organization. For example, the default sub-status for an Open case is "In Review." Organizations can define additional sub-statuses such as "Escalated", "Pending Documents", or any label that fits their review workflow.
Decision vs status
These are distinct concepts (see Decisions):
| Concept | Question it answers | Set by |
|---|---|---|
| Decision | "What action should be taken?" | Workflow or reviewer |
| Status | "Where is this case in the review process?" | System or reviewer |
A case can have a REVIEW decision and an Open status with an "In Review" sub-status simultaneously.
Manual review: how it works
When a workflow can't reach an automated decision, it routes the evaluation to manual review:
- Trigger: The workflow reaches a Manual Review step, or a Decision step returns
REVIEW. - Case Queue: The case appears in the configured review queue.
- Assignment: A reviewer claims the case or another user assigns it.
- Investigation: The reviewer uses the Case View to examine:
- Enrichment data and scores
- Decision Path (step-by-step execution trace)
- Related cases (linked by entity — email, phone, SSN)
- Tags and reason codes
- Decision: The reviewer selects Accept or Reject.
- Notification: A
decision_updatewebhook event is sent to your endpoint.
Fraud feedback
During manual review, authorized reviewers can mark a case as fraudulent or not fraudulent:
- Mark as Fraud: Flags the case regardless of the current decision. Triggers a
fraud_confirmingwebhook event. - Mark as non-fraud: Reverses a fraud marking with a required note.
Fraud labels contribute to Socure's machine learning models (Sigma Identity Fraud, Sigma Synthetic Fraud) for improved detection.
Related concepts
- Evaluations — The process that creates a case
- Decisions — The outcome recorded on a case (distinct from case status)
- Statuses & Lifecycle — Case status lifecycle: Open → On Hold → Closed
- Workflows — The logic that routes evaluations to manual review
- Signals & Attributes — The data visible in case detail views (signals, tags, reason codes)
- Enrichments — Enrichment data displayed in case enrichment tiles
- Terminology Governance — "Case" not "ticket"; "status" for case lifecycle
- Case Management Overview — Full Case Management feature guide
- Case Queues — Queue configuration and management
- Manual Evaluations — Running evaluations from the dashboard
- Webhook Events: decision_update — Receiving manual review decisions
Updated 5 days ago