Unlock hundreds more features
Save your Form to the Dashboard
View and Export Results
Use AI to Create Forms and Analyse Results

Forgot Password?
Get Started
OR
Sign UpLogin With Facebook
Sign UpLogin With Google

Security Incident Report Form Template

Easily Document Security Incidents with Our Template

Documenting a security incident promptly can save your business from potential risks and liabilities. This Security Incident Report Form Template is designed for security officers and organizations that need to create clear, detailed records of any security events. With this template, you can streamline communication, ensure comprehensive incident tracking, and maintain compliance with reporting protocols. It offers customizable fields for thorough documentation, helps improve response strategies, and ensures that your reports are always consistent and clear. Start using this live template to simplify your reporting process.

Use this Template (FREE) Live Preview
Full name of reporter
Organization or department
Email address
Incident title or short summary
Date discovered
Approximate time discovered (local time)
How was the incident discovered?
User report
Security alert/EDR
SIEM or log monitoring
Helpdesk ticket
External notification (customer/vendor)
Law enforcement
Unknown
Other
Please Specify:
Current incident status
Ongoing
Contained
Eradicated
Recovered
Monitoring
Unknown
Estimated severity
Informational
Low
Medium
High
Critical
Unknown
Type of incident
Please Specify:
Impacted assets
Please Specify:
Describe what happened, including key events and timeline
Data involved
Please Specify:
Approximate number of affected individuals or accounts
None
1-10
11-100
101-1,000
1,001-10,000
10,001+
Unknown
Is data exfiltration suspected?
Yes
No
Unknown
Is service availability currently impacted?
Yes
No
Intermittent
Unknown
Actions taken so far
Evidence collected (e.g., logs, screenshots, filenames)
Are any systems still at risk?
Yes
No
Unknown
Parties notified so far
Please Specify:
Is regulatory reporting likely required?
Yes
No
Unknown
Not applicable
Primary team owning the incident
Security/IR
IT operations
Helpdesk
Legal
HR
Management/executive
Third-party/MSP
Unknown
Other
Please Specify:
Support or decisions needed
Suspected root cause category
Human error
Phishing/social engineering
Vulnerability exploited
Misconfiguration
Malicious insider
Lost or stolen device
Third-party compromise
Unknown
Other
Please Specify:
Type your full name to certify
I certify the information provided is accurate to the best of my knowledge.
Strongly disagree
Disagree
Neither
Agree
Strongly agree
{"name":"Full name of reporter", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"Full name of reporter, Organization or department, Email address","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
Paper art illustration representing a security incident report form template with design elements related to data protection.

When to use this form

Use this form when a threat, breach, or suspicious act affects people, property, data, or access. Example scenarios: a forced door, lost or cloned badge, theft from a loading dock, a phishing attempt that unlocked an account, or vandalism to CCTV. Site supervisors, security officers, and IT admins use the report to capture facts fast, preserve evidence, and trigger follow-up. If nothing criminal happened but behavior raised a concern, route it to the Suspicious activity report form. If the root issue is a software failure or outage, use the Software incident report form. If someone was hurt during the event, pair this report with the Employee injury report form for duty-of-care and insurance.

Must Ask Security Incident Report Questions

  1. What happened, in plain words?

    Plain, specific language reduces ambiguity and speeds triage. It helps investigators classify the event and match it to the right policy or playbook.

  2. When did it start and end?

    Time stamps establish a timeline, reveal dwell time, and support video or badge log pulls. Accurate timing also validates or disproves alibis and alerts.

  3. Where did it occur (site, building, room, or system)?

    Location directs responders to the right perimeter, camera, or system. It also flags zones that may need lockdown or extra patrols.

  4. Who was involved or affected (names, roles, contact)?

    Identifying people enables interviews, notifications, and duty-of-care steps. It also helps separate witnesses from suspects and note any vulnerable persons.

  5. What immediate actions did you take and what evidence is available?

    Documenting actions shows containment and preserves chain of custody for photos, video, logs, or recovered items. If no loss occurred but it was a near miss, record it in the Near-miss incident report form.

More Forms

Copy/Edit Form Send to Recipients Make a Form w/AI Form Builder Must Ask Questions
  • 100% Free - No Catches
  • Collect Responses Today
  • Tailor to your Look & Feel