- Title: Incident Register Template
- Document ID: [REG-INCIDENT-001]
- Version: 0.1 Draft
- Status: Draft
- Owner: CISO (Paul Jenkins)
- Approver: CISO (Paul Jenkins)
- Classification: Internal
- Effective date: [DD Month YYYY]
- Review date: [DD Month YYYY]
Incident Register Template
Purpose
This template provides the structure for recording security incidents and tracking their status and outcomes.
Scope
This register applies to suspected and confirmed information security incidents affecting in-scope people, information, systems, services, suppliers, or customers.
Data Fields / Expected Columns
The register should record at least:
- incident ID
- date reported
- reported by
- incident title
- affected asset or service
- severity
- status
- summary
- containment status
- notification required
- owner
- closure date
- lessons learned or linked actions
Ownership
This register should be owned by [Role]. Incident coordinators or handlers should maintain the status and outcome of each entry.
Update Frequency
The register should be updated when incidents are opened, reclassified, escalated, contained, communicated, or closed.
Retention
Incident records should be retained in line with legal, contractual, audit, and operational requirements.
Template Table
| Incident ID | Date Reported | Reported By | Incident Title | Affected Asset / Service | Severity | Status | Summary | Containment Status | Notification Required | Owner | Closure Date | Lessons Learned / Linked Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| [INC-001] | [DD Month YYYY] | [Name / Role / System] | [Short title] | [Asset / service] | [Low/Medium/High/Critical] | [Open / Investigating / Contained / Closed] | [Summary] | [In Progress / Complete] | [Yes / No / Under Assessment] | [Role] | [DD Month YYYY] | [Summary / corrective action ref] |
Related Documents
- Incident Response Policy
- Security Incident Handling Procedure
- Breach Notification Procedure
- Corrective Actions Register Template