Preparing for cybersecurity and data privacy incidents involves creating checklists and documented plans to enable the response team to do their best during the incident. Preparation also includes creating a template that the team can use as the basis for the incident report, which is critical to ensuring that the incident is handled well.

We created such an incident report template when we developed our incident response procedures at Axonius. I’m happy to share the public version of this template with the community in this blog post. Incident responders are welcome to use it to strengthen the way they collect, document, and communicate incident-related details.

The incident report template should be used by the incident response coordinator–the person in charge of the organization’s handling of the incident. It helps the coordinator ask the right questions of the people involved in the various response tasks.

The questions captured in this report template fall into these high-level categories in anticipation of what the report's readers expect to see:

• What happened and when?
• What was the root cause?
• What was and remains to be done?
• What lessons can be learned?
• What are the remaining action items?

The template captures the details related to these questions. It’s based on the report-writing guidelines I prepared for participants of my Cybersecurity Writing course.

Elisabetta Tiani added her expertise to allow the template to be used for both cybersecurity and privacy incidents. Daniel Trauner shared his insights to strengthen the template further.

You can download the template in the Microsoft Word (OOXML) format here. We’re distributing it under the Creative Commons v4 “Attribution” License so that organizations can adjust the template to their needs.