Incident Report Form

Incident Information

Field	Details
Incident ID	INC-[YYYY]-[###]
Date/Time Detected
Date/Time Reported
Reported By
Assigned To
Severity	[ ] Critical (S1) [ ] High (S2) [ ] Medium (S3) [ ] Low (S4)
Category	[ ] Malware/Ransomware [ ] Phishing [ ] Unauthorized Access [ ] Data Breach [ ] DoS [ ] Insider Threat [ ] BEC [ ] Physical [ ] Supply Chain [ ] Web App [ ] Other
Status	[ ] Open [ ] Investigating [ ] Contained [ ] Eradicated [ ] Recovered [ ] Closed

Incident Description

Summary (brief description of the incident):

How was the incident detected?

What systems/data are affected?

Estimated number of affected users/records:

Is the incident still ongoing? [ ] Yes [ ] No [ ] Unknown

Systems Affected

System Name	IP Address	Function	Impact

Data Affected

Data Type	Classification	Estimated Volume	Encrypted?
[ ] CUI [ ] PHI [ ] PII [ ] PCI [ ] IP [ ] Other			[ ] Yes [ ] No

Timeline of Events

Date/Time	Event	Action Taken	By Whom

Containment Actions

• [ ] Systems isolated from network
• [ ] Compromised accounts disabled
• [ ] Malicious IPs/domains blocked
• [ ] Credentials reset
• [ ] Evidence preserved
• [ ] Other: _______

Root Cause Analysis

Attack vector:

Vulnerability exploited:

Root cause:

Remediation Actions

Action	Status	Assigned To	Target Date	Completed Date
	[ ] Open [ ] Done
	[ ] Open [ ] Done
	[ ] Open [ ] Done

Notifications Made

Entity	Date/Time	Method	Contact Person	Reference #
Management
Legal
Insurance
Law Enforcement
Regulatory Body
Affected Individuals

Lessons Learned

What worked well:

What could be improved:

Recommendations:

Sign-Off

Role	Name	Signature	Date
Incident Handler
IR Lead
Management

---

Document Retention: Retain for minimum 6 years per organizational policy.