Title: Incident Register Template Document ID: [REG-INCIDENT-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CISO (Paul Jenkins) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY] # Incident Register Template ## Purpose This template provides the structure for recording security incidents and tracking their status and outcomes. ## Scope This register applies to suspected and confirmed information security incidents affecting in-scope people, information, systems, services, suppliers, or customers. ## Data Fields / Expected Columns The register should record at least: - incident ID - date reported - reported by - incident title - affected asset or service - severity - status - summary - containment status - notification required - owner - closure date - lessons learned or linked actions ## Ownership This register should be owned by [Role]. Incident coordinators or handlers should maintain the status and outcome of each entry. ## Update Frequency The register should be updated when incidents are opened, reclassified, escalated, contained, communicated, or closed. ## Retention Incident records should be retained in line with legal, contractual, audit, and operational requirements. ## Template Table | Incident ID | Date Reported | Reported By | Incident Title | Affected Asset / Service | Severity | Status | Summary | Containment Status | Notification Required | Owner | Closure Date | Lessons Learned / Linked Actions | | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | | [INC-001] | [DD Month YYYY] | [Name / Role / System] | [Short title] | [Asset / service] | [Low/Medium/High/Critical] | [Open / Investigating / Contained / Closed] | [Summary] | [In Progress / Complete] | [Yes / No / Under Assessment] | [Role] | [DD Month YYYY] | [Summary / corrective action ref] | ## Related Documents - Incident Response Policy - Security Incident Handling Procedure - Breach Notification Procedure - Corrective Actions Register Template