
About this template
While you may want to forget an unpleasant incident in the workplace — such as an injury, property damage, theft, or a similarly unfortunate event — it’s important to write an incident report that provides a lasting record of all the facts. Maintaining a clear record is essential for compliance, auditing requirements, and effective communication across disparate teams. Incident reports also help you learn and prevent similar incidents from happening again.
This customizable incident report template can help you write clear, thorough incident reports while keeping your processes centralized in Slack.
How to use this template in Slack: step-by-step instructions
Slack’s incident report template offers a straightforward and customizable approach to managing your incident reporting workflow. Here’s how to use it:
Step 1: Start a new incident report on a canvas
Visit the Slack template gallery and select the incident report template. Then click “Use this template.”
This will generate a new Slack canvas that is automatically filled with the report template. You can add this to an incident channel by copying and pasting the link to the new canvas into the channel.
Step 2: Fill in the canvas with known information about the incident
Review the default template, decide whether to customize it, and begin filling in the information you already know. The default categories are:
- Incident summary. High-level details of an incident, including incident date, incident ID, reported by, security level, and status.
- Incident description. A detailed description of exactly what happened.
- Priority action items. Actions required to rectify the incident and restore operations. In this template, you can list them in an interactive checklist and tag responsible team members.
- Root cause analysis. An analysis of the specific circumstances that led to the incident. This section is usually completed only after all the facts of the incident are confirmed.
- What went well and what could have gone better. These two sections allow you to conduct a brief postmortem of the incident by identifying what aspects of the response went well or poorly. Again, this section is typically completed after the facts of the report have been verified.
- Open questions. List any questions you still have about the incident and, when possible, tag the team members who can answer these questions.
Step 3: Collect team member input via a short form
You’ll need to collect information from eyewitnesses to fill in the template. A simple method is to use a form in Slack. These forms are easy to customize, and you can share them either in the incident channel or through an automated workflow that notifies people when they need to fill them out.
Step 4: Track actions in the template checklist
Track the completion of each priority action item by assigning team members and due dates to every task. Updates on each action item can be discussed in dedicated Slack threads for better visibility.
Step 5: Review and finalize the report
Once all the key facts of an incident are obtained, fill out the root cause analysis section and answer the postmortem questions. Then update the report’s status and send it to reviewers for approval. Reviewers can be tagged in the canvas, or you can build a workflow for a multistep review process.
Step 6: Share the report and related findings
After all the key stakeholders have signed off on a report, pin it to the incident channel so it can be easily referenced. You may also want to create an additional document detailing lessons learned or link the report to similar incidents, allowing for a trend analysis to be conducted.
What is an incident report?
An incident report is a document that includes all the key facts about an adverse event in the workplace. It explains what happened and lists important details about the event, such as the names of everyone involved, the location, and the time of the incident. Incident reports also provide information about the impact, including which parts of the business are affected, the next steps needed to resolve the issue, and what will be done in the future to prevent similar incidents.
Essential information to include in your template
This incident report template is fully customizable, and you’re free to add or remove sections as needed. However, every incident report must include a few core elements:
- Incident date, time, and location
- Incident type
- Names and roles of all individuals involved
- Description of what occurred
- Impact of the incident
- Immediate actions taken
- Root cause (if known)
- Follow-up tasks and their owners
- Any additional documents that can serve as evidence
Use cases for incident report templates
There are various types of incidents you might need to report, and tailoring your incident report template can be useful. You can create separate templates for specific use cases or add conditional sections to your main template.
Here are some examples of use case-specific incident report templates:
Workplace safety incident template
When an employee is injured or becomes ill, you need details about the severity of their condition and the treatment they received. A template for a workplace safety incident might include the specific actions or materials that caused the injury or illness, whether personal protective equipment was used, whether medical assistance was sought, and the number of days of work the employee will miss.
IT security incident template
When it comes to IT incidents or cybersecurity breaches, your organization needs to know which systems were impacted and the technologies used to contain the breach. A template for IT incident management might include details on how the threat was initially detected, which systems or data were compromised, the steps taken to contain the malicious code, whether there was any system downtime, and, if so, how long it lasted.
Customer impact incident template
If an incident affects customers, the organization must act promptly to address it. An incident report can assist by documenting contact details of affected customers, steps taken to resolve any issues, how communication was handled during and after the incident, and the impact, if any, on SLAs and other agreements with customers.
HR incident report template
HR incidents usually involve policy violations such as harassment, discrimination, or workplace retaliation. Reports should be as detailed as physical injury reports and include statements from all involved parties, including witnesses. They should also document the actions taken to resolve the incident before reporting to HR, the impact on affected employees’ ability to work, and any policy documents that recommend mediation or disciplinary steps.
Physical security incident report template
Many incidents involve harm to equipment or property. These need to be thoroughly documented to help the organization better manage resources and potentially collect insurance. Include elements like evidence showing how the property was damaged or stolen (such as surveillance footage or access logs), the cost of property that was lost or damaged, the environment where the equipment or property was stored before the incident, and whether there were any eyewitnesses to the damage or theft.
When to file an incident report
Incident reports should be filed whenever personnel are injured or property is seriously harmed or stolen. Reports are also necessary for near misses, when someone or something is almost seriously harmed, or when a hazardous condition with the potential to cause harm is identified.
Some examples of scenarios requiring an incident report include:
- An employee is hospitalized after exposure to hazardous chemicals at work
- A customer falls and is injured on your property
- A fire breaks out at a company-owned factory
- A hacker bypasses your firewall and gains access to sensitive financial data
- An employee faces racial harassment from a coworker
- A thief tries to break into private company property after hours
- A near miss, such as a hack detected before data was compromised or heavy machinery almost causing damage
- Discovery of hazardous or unsanitary conditions, such as improper food storage at a restaurant or a lack of safety equipment at a construction site
Eight best practices for incident reporting
Writing an effective incident report requires being both concise and thorough. Follow these best practices to craft a good incident report:
- Remain objective. Stick to the facts and refrain from letting your opinion influence how you report them.
- Include the who, what, when, where, and how. Remember these core questions to make sure you include all vital information.
- Use direct, concise language. Write in a clear, precise manner, with minimal jargon and simple phrasing.
- Timestamp everything. You should be able to see when each edit to the report was made and who made it.
- Protect personal information. While it’s important to identify everyone involved in an incident, it’s also crucial to maintain confidentiality. Only include personally identifiable information when it’s absolutely necessary, and think about limiting access to your reports.
- Save the analysis for later. You can’t accurately determine the cause of an incident until a thorough investigation is finished. Hold off on any analysis until the reporting process is complete.
- Attach evidence. Attach photos, digital communications, eyewitness statements, security logs, and other documentation that can prove or provide context to what’s in the report.
- Close the loop on next steps. Assign owners and due dates to next steps or remedial actions and follow up to make sure they’re completed.
How to customize incident reporting for your organization
Every organization has slightly different policies that dictate how incident response workflows and automation should be managed. Slack offers the flexibility to meet these needs with features like:
- Multilevel approval workflow creation. You can use Slack’s Workflow Builder to send completed incident reports through the approval process, even when your organization requires complex, multistep approvals.
- Integration with ticketing platforms. You can also streamline your workflow by using Slack’s integrations with ticketing apps or by integrating with an open-source incident management tool.
- Encryption keys for confidentiality. Encryption keys in Slack let you mark reports as confidential and restrict access to specific roles or users.
- Customizable retention rules. Keep reports accessible for as long as required by regulations by customizing data retention rules in Slack.
- Ability to customize and save multiple template versions. As mentioned, you can customize your incident report template to build a library of templates for specific use cases.
Overcome disruptions with great incident reporting
Any negative workplace incident can cause disruptions, but a well-written incident report with clear and specific details can help restore calm and order to the organization. This keeps everyone focused on solutions, maintains compliance, and helps prevent similar problems in the future.
This template, combined with the flexible features available in Slack, provides a solid foundation for effective incident reporting.