Slack templates
Incident report template

Incident report template

Stay compliant and preserve the facts of any workplace incident.

About this template

While you may want to forget an unpleasant incident in the workplace – such as an injury, property damage, theft or a similarly unfortunate event – it’s important to write an incident report that provides a lasting record of all the facts. Maintaining a clear record is essential for compliance, auditing requirements and effective communication across disparate teams. Incident reports also help you to learn and prevent similar incidents from happening again.

This customisable incident report template can help you to write clear, thorough incident reports while keeping your processes centralised in Slack.

How to use this template in Slack: Step-by-step instructions

Slack’s incident report template offers a straightforward and customisable approach to managing your incident reporting workflow. Here’s how to use it:

Step 1: Start a new incident report on a canvas

Visit the Slack template gallery and select the incident report template. Then click ‘Use this template’.

This will generate a new Slack canvas that is automatically filled with the report template. You can add this to an incident channel by copying and pasting the link to the new canvas into the channel.

Step 2: Fill in the canvas with known information about the incident

Review the default template, decide whether to customise it and begin filling in the information that you already know. The default categories are:

  • Incident summary. High-level details of an incident, including incident date, incident ID, reported by, security level and status.
  • Incident description. A detailed description of exactly what happened.
  • Priority action items. Actions required to rectify the incident and restore operations. In this template, you can list them in an interactive checklist and tag responsible team members.
  • Root cause analysis. An analysis of the specific circumstances that led to the incident. This section is usually only completed after all the facts of the incident have been confirmed.
  • What went well and what could have gone better. These two sections allow you to conduct a brief postmortem of the incident by identifying what aspects of the response went well or poorly. Again, this section is typically completed after the facts of the report have been verified.
  • Open questions. List any questions that you still have about the incident and, when possible, tag the team members who can answer these questions.

Step 3: Collect team member input via a short form

You’ll need to collect information from eyewitnesses to fill in the template. A simple method is to use a form in Slack. These forms are easy to customise, and you can share them either in the incident channel or through an automated workflow that notifies people when they need to fill them in.

Step 4: Track actions in the template checklist

Track the completion of each priority action item by assigning team members and due dates to every task. Updates on each action item can be discussed in dedicated Slack threads for better visibility.

Step 5: Review and finalise the report

Once all the key facts of an incident are obtained, fill in the root cause analysis section and answer the postmortem questions. Then update the report’s status and send it to reviewers for approval. Reviewers can be tagged in the canvas, or you can build a workflow for a multistep review process.

Step 6: Share the report and related findings

After all the key stakeholders have signed off on a report, pin it to the incident channel so that it can be easily referenced. You may also want to create an additional document detailing lessons learned or link the report to similar incidents, allowing for a trend analysis to be conducted.

What is an incident report?

An incident report is a document that includes all the key facts about an adverse event in the workplace. It explains what happened and lists important details about the event, such as the names of everyone involved, the location and the time of the incident. Incident reports also provide information about the impact, including which parts of the business are affected, the next steps needed to resolve the issue and what will be done in the future to prevent similar incidents.

Essential information to include in your template

This incident report template is fully customisable, and you’re free to add or remove sections as needed. However, every incident report must include a few core elements:

  • Incident date, time and location
  • Incident type
  • Names and roles of all individuals involved
  • Description of what occurred
  • Effect of the incident
  • Immediate actions taken
  • Root cause (if known)
  • Follow-up tasks and their owners
  • Any additional documents that can serve as evidence

Use cases for incident report templates

There are various types of incidents that you might need to report, and tailoring your incident report template can be useful. You can create separate templates for specific use cases or add conditional sections to your main template.

Here are some examples of use case-specific incident report templates:

Workplace safety incident template

When an employee is injured or becomes ill, you need details about the severity of their condition and the treatment that they received. A template for a workplace safety incident might include the specific actions or materials that caused the injury or illness, whether personal protective equipment was used, whether medical assistance was sought and the number of days of work that the employee will miss.

IT security incident template

When it comes to IT incidents or cybersecurity breaches, your organisation needs to know which systems were affected and the technologies used to contain the breach. A template for IT incident management might include details on how the threat was initially detected, which systems or data were compromised, the steps taken to contain the malicious code, whether there was any system downtime and, if so, how long it lasted.

Customer impact incident template

If an incident affects customers, the organisation must act promptly to address it. An incident report can assist by documenting contact details of affected customers, steps taken to resolve any issues, how communication was handled during and after the incident, and the effect, if any, on SLAs and other agreements with customers.

HR incident report template

HR incidents usually involve policy violations such as harassment, discrimination or workplace retaliation. Reports should be as detailed as physical injury reports and include statements from all parties involved, including witnesses. They should also document the actions taken to resolve the incident before reporting to HR, the effect on affected employees’ ability to work, and any policy documents that recommend mediation or disciplinary steps.

Physical security incident report template

Many incidents involve harm to equipment or property. These need to be thoroughly documented to help the organisation better manage resources and potentially collect insurance. Include elements such as evidence showing how the property was damaged or stolen (such as surveillance footage or access logs), the cost of property that was lost or damaged, the environment where the equipment or property was stored before the incident, and whether there were any eyewitnesses to the damage or theft.

When to file an incident report

Incident reports should be filed whenever staff are injured or property is seriously harmed or stolen. Reports are also necessary for near misses, when someone or something is almost seriously harmed, or when a hazardous condition is identified that has the potential to cause harm.

Some examples of scenarios requiring an incident report include:

  • An employee is hospitalised after exposure to hazardous chemicals at work
  • A customer falls and is injured on your property
  • A fire breaks out at a company-owned factory
  • A hacker bypasses your firewall and gains access to sensitive financial data
  • An employee faces racial harassment from a colleague
  • A thief tries to break into private company property after hours
  • A near miss, such as a hack detected before data was compromised or heavy machinery almost causing damage
  • Discovery of hazardous or unsanitary conditions, such as improper food storage at a restaurant or a lack of safety equipment at a construction site

Eight best practices for incident reporting

Writing an effective incident report requires being both concise and thorough. Follow these best practices to craft a good incident report:

  1. Remain objective. Stick to the facts and refrain from letting your opinion influence how you report them.
  2. Include the who, what, when, where and how. Remember these core questions to make sure that you include all vital information.
  3. Use direct, concise language. Write in a clear, precise manner, with minimal jargon and simple phrasing.
  4. Time-stamp everything. You should be able to see when each edit to the report was made and who made it.
  5. Protect personal information. While it’s important to identify everyone involved in an incident, it’s also crucial to maintain confidentiality. Only include personally identifiable information when it’s absolutely necessary, and think about limiting access to your reports.
  6. Save the analysis for later. You can’t accurately determine the cause of an incident until a thorough investigation is finished. Hold off on any analysis until the reporting process is complete.
  7. Attach evidence. Attach photos, digital communications, eyewitness statements, security logs and other documentation that can prove or provide context to what’s in the report.
  8. Close the loop on next steps. Assign owners and due dates to next steps or remedial actions and follow up to make sure that they’re completed.

How to customise incident reporting for your organisation

Every organisation has slightly different policies that dictate how incident response workflows and automation should be managed. Slack offers the flexibility to meet these needs with features such as the following:

  • Multilevel approval workflow creation. You can use Slack’s Workflow Builder to send completed incident reports through the approval process, even when your organisation requires complex, multistep approvals.
  • Integration with ticketing platforms. You can also streamline your workflow by using Slack’s integrations with ticketing apps or by integrating with an open-source incident management tool.
  • Encryption keys for confidentiality. Encryption keys in Slack let you mark reports as confidential and restrict access to specific roles or users.
  • Customisable retention rules. Keep reports accessible for as long as required by regulations by customising data retention rules in Slack.
  • Ability to customise and save multiple template versions. As mentioned, you can customise your incident report template to build a library of templates for specific use cases.

Overcome disruptions with great incident reporting

Any negative workplace incident can cause disruptions, but a well-written incident report with clear and specific details can help to restore calm and order to the organisation. This keeps everyone focused on solutions, maintains compliance and helps to prevent similar problems in the future.

This template, combined with the flexible features available in Slack, provides a solid foundation for effective incident reporting.

Frequently asked questions

The words incident and accident are often used interchangeably, but in workplace safety, they have slightly different meanings. An accident is considered more serious than an incident and is typically defined as a sudden, unexpected event that causes serious injury or even death. However, the term accident report is not generally used in a workplace context. It is recommended that incident reports be used for all adverse workplace events to avoid confusion.

Incident reports should be filed as soon as reasonably possible after an incident. Generally, aim to finalise it within a week while the information is fresh and available.

Access and editing rights for incident reports vary depending on the incident type and your organisation’s policies. Incident reports should be accessible to the individuals directly involved in the incident, their immediate supervisors, members of the department responsible for managing the incident (such as HR) and senior-level approvers. Additional policies will clarify which of those individuals can edit the report and who can only view it.

Any evidence supporting the details of an incident report should be attached. Here are some types of evidence that you might include: photographs of the aftermath of the incident (injuries, broken equipment, damaged property and so on), transcripts of eyewitness statements, written communications relevant to the incident, access logs for the site where it happened and video surveillance footage.

Check your local laws and compliance certifications to determine the retention period for incident reports, as each organisation has slightly different guidelines. For example, the UK Health and Safety Executive generally requires incident reports to be kept for three years.

Yes, this template can be used for near-miss events just as it is used for other incidents.