Template
Security Incident Report Form
Standardised form for documenting and reporting security incidents.
Purpose
Every security incident must be documented consistently for investigation, compliance, and prevention. This form captures all required information.
Section 1: Incident Details
- Incident ID: Unique identifier (e.g., SEC-2026-001)
- Reported Date & Time: When the incident was reported
- Reported By: Name, department, contact
- Category: Phishing, malware, unauthorised access, data breach, physical security
- Severity: Critical, High, Medium, Low
Section 2: Description
Chronological description of what happened, when it started, how it was discovered, and immediate actions taken.
Section 3: Impact Assessment
- Data Affected: What data was potentially compromised?
- Systems Affected: Which systems were impacted?
- Users Affected: How many users were impacted?
- Business Impact: Revenue, productivity, reputation impact
Section 4: Response Actions
Document all containment, investigation, and recovery actions with timestamps.
Put this into practice with workro desk.