Slack templates
Incident report template

Incident report template

Stay compliant and preserve the facts of any workplace incident.

About this template

While you may want to forget an unpleasant incident in the workplace — such as an injury, property damage, theft, or a similarly unfortunate event — it’s important to write an incident report that provides a lasting record of all the facts. Maintaining a clear record is essential for compliance, auditing requirements, and effective communication across disparate teams. Incident reports also help you learn and prevent similar incidents from happening again.

This customizable incident report template can help you write clear, thorough incident reports while keeping your processes centralized in Slack.

How to use this template in Slack: step-by-step instructions

Slack’s incident report template offers a straightforward and customizable approach to managing your incident reporting workflow. Here’s how to use it:

Step 1: Start a new incident report on a canvas

Visit the Slack template gallery and select the incident report template. Then click “Use this template.”

This will generate a new Slack canvas that is automatically filled with the report template. You can add this to an incident channel by copying and pasting the link to the new canvas into the channel.

Step 2: Fill in the canvas with known information about the incident

Review the default template, decide whether to customize it, and begin filling in the information you already know. The default categories are:

  • Incident summary. High-level details of an incident, including incident date, incident ID, reported by, security level, and status.
  • Incident description. A detailed description of exactly what happened.
  • Priority action items. Actions required to rectify the incident and restore operations. In this template, you can list them in an interactive checklist and tag responsible team members.
  • Root cause analysis. An analysis of the specific circumstances that led to the incident. This section is usually completed only after all the facts of the incident are confirmed.
  • What went well and what could have gone better. These two sections allow you to conduct a brief postmortem of the incident by identifying what aspects of the response went well or poorly. Again, this section is typically completed after the facts of the report have been verified.
  • Open questions. List any questions you still have about the incident and, when possible, tag the team members who can answer these questions.

Step 3: Collect team member input via a short form

You’ll need to collect information from eyewitnesses to fill in the template. A simple method is to use a form in Slack. These forms are easy to customize, and you can share them either in the incident channel or through an automated workflow that notifies people when they need to fill them out.

Step 4: Track actions in the template checklist

Track the completion of each priority action item by assigning team members and due dates to every task. Updates on each action item can be discussed in dedicated Slack threads for better visibility.

Step 5: Review and finalize the report

Once all the key facts of an incident are obtained, fill out the root cause analysis section and answer the postmortem questions. Then update the report’s status and send it to reviewers for approval. Reviewers can be tagged in the canvas, or you can build a workflow for a multistep review process.

Step 6: Share the report and related findings

After all the key stakeholders have signed off on a report, pin it to the incident channel so it can be easily referenced. You may also want to create an additional document detailing lessons learned or link the report to similar incidents, allowing for a trend analysis to be conducted.

What is an incident report?

An incident report is a document that includes all the key facts about an adverse event in the workplace. It explains what happened and lists important details about the event, such as the names of everyone involved, the location, and the time of the incident. Incident reports also provide information about the impact, including which parts of the business are affected, the next steps needed to resolve the issue, and what will be done in the future to prevent similar incidents.

Essential information to include in your template

This incident report template is fully customizable, and you’re free to add or remove sections as needed. However, every incident report must include a few core elements:

  • Incident date, time, and location
  • Incident type
  • Names and roles of all individuals involved
  • Description of what occurred
  • Impact of the incident
  • Immediate actions taken
  • Root cause (if known)
  • Follow-up tasks and their owners
  • Any additional documents that can serve as evidence

Use cases for incident report templates

There are various types of incidents you might need to report, and tailoring your incident report template can be useful. You can create separate templates for specific use cases or add conditional sections to your main template.

Here are some examples of use case-specific incident report templates:

Workplace safety incident template

When an employee is injured or becomes ill, you need details about the severity of their condition and the treatment they received. A template for a workplace safety incident might include the specific actions or materials that caused the injury or illness, whether personal protective equipment was used, whether medical assistance was sought, and the number of days of work the employee will miss.

IT security incident template

When it comes to IT incidents or cybersecurity breaches, your organization needs to know which systems were impacted and the technologies used to contain the breach. A template for IT incident management might include details on how the threat was initially detected, which systems or data were compromised, the steps taken to contain the malicious code, whether there was any system downtime, and, if so, how long it lasted.

Customer impact incident template

If an incident affects customers, the organization must act promptly to address it. An incident report can assist by documenting contact details of affected customers, steps taken to resolve any issues, how communication was handled during and after the incident, and the impact, if any, on SLAs and other agreements with customers.

HR incident report template

HR incidents usually involve policy violations such as harassment, discrimination, or workplace retaliation. Reports should be as detailed as physical injury reports and include statements from all involved parties, including witnesses. They should also document the actions taken to resolve the incident before reporting to HR, the impact on affected employees’ ability to work, and any policy documents that recommend mediation or disciplinary steps.

Physical security incident report template

Many incidents involve harm to equipment or property. These need to be thoroughly documented to help the organization better manage resources and potentially collect insurance. Include elements like evidence showing how the property was damaged or stolen (such as surveillance footage or access logs), the cost of property that was lost or damaged, the environment where the equipment or property was stored before the incident, and whether there were any eyewitnesses to the damage or theft.

When to file an incident report

Incident reports should be filed whenever personnel are injured or property is seriously harmed or stolen. Reports are also necessary for near misses, when someone or something is almost seriously harmed, or when a hazardous condition with the potential to cause harm is identified.

Some examples of scenarios requiring an incident report include:

  • An employee is hospitalized after exposure to hazardous chemicals at work
  • A customer falls and is injured on your property
  • A fire breaks out at a company-owned factory
  • A hacker bypasses your firewall and gains access to sensitive financial data
  • An employee faces racial harassment from a coworker
  • A thief tries to break into private company property after hours
  • A near miss, such as a hack detected before data was compromised or heavy machinery almost causing damage
  • Discovery of hazardous or unsanitary conditions, such as improper food storage at a restaurant or a lack of safety equipment at a construction site

Eight best practices for incident reporting

Writing an effective incident report requires being both concise and thorough. Follow these best practices to craft a good incident report:

  1. Remain objective. Stick to the facts and refrain from letting your opinion influence how you report them.
  2. Include the who, what, when, where, and how. Remember these core questions to make sure you include all vital information.
  3. Use direct, concise language. Write in a clear, precise manner, with minimal jargon and simple phrasing.
  4. Timestamp everything. You should be able to see when each edit to the report was made and who made it.
  5. Protect personal information. While it’s important to identify everyone involved in an incident, it’s also crucial to maintain confidentiality. Only include personally identifiable information when it’s absolutely necessary, and think about limiting access to your reports.
  6. Save the analysis for later. You can’t accurately determine the cause of an incident until a thorough investigation is finished. Hold off on any analysis until the reporting process is complete.
  7. Attach evidence. Attach photos, digital communications, eyewitness statements, security logs, and other documentation that can prove or provide context to what’s in the report.
  8. Close the loop on next steps. Assign owners and due dates to next steps or remedial actions and follow up to make sure they’re completed.

How to customize incident reporting for your organization

Every organization has slightly different policies that dictate how incident response workflows and automation should be managed. Slack offers the flexibility to meet these needs with features like:

  • Multilevel approval workflow creation. You can use Slack’s Workflow Builder to send completed incident reports through the approval process, even when your organization requires complex, multistep approvals.
  • Integration with ticketing platforms. You can also streamline your workflow by using Slack’s integrations with ticketing apps or by integrating with an open-source incident management tool.
  • Encryption keys for confidentiality. Encryption keys in Slack let you mark reports as confidential and restrict access to specific roles or users.
  • Customizable retention rules. Keep reports accessible for as long as required by regulations by customizing data retention rules in Slack.
  • Ability to customize and save multiple template versions. As mentioned, you can customize your incident report template to build a library of templates for specific use cases.

Overcome disruptions with great incident reporting

Any negative workplace incident can cause disruptions, but a well-written incident report with clear and specific details can help restore calm and order to the organization. This keeps everyone focused on solutions, maintains compliance, and helps prevent similar problems in the future.

This template, combined with the flexible features available in Slack, provides a solid foundation for effective incident reporting.

Frequently Asked Questions

The words incident and accident are often used interchangeably, but in workplace safety, they have slightly different meanings. An accident is considered more serious than an incident and is typically defined as a sudden, unexpected event that causes serious injury or even death. However, the term accident report is not generally used in a workplace context. OSHA recommends using incident report for all adverse workplace events to avoid confusion.

Incident reports should be filed as soon as reasonably possible after an incident. Generally, aim to finalize it within a week while the information is fresh and available.

Access and editing rights for incident reports vary depending on the incident type and your organization’s policies. Incident reports should be accessible to the individuals directly involved in the incident, their immediate supervisors, members of the department responsible for managing the incident (such as HR), and senior-level approvers. Additional policies will clarify which of those individuals can edit the report and who can only view it.

Any evidence supporting the details of an incident report should be attached. Here are some types of evidence you might include: photographs of the aftermath of the incident (injuries, broken equipment, damaged property, and so on), transcripts of eyewitness statements, written communications relevant to the incident, access logs for the site where it happened, and video surveillance footage.

Check your state laws and compliance certifications to determine the retention period for incident reports, as each organization has slightly different guidelines. For example, OSHA generally requires incident reports to be kept for five years.

Yes, this template can be used for near-miss events just as it is used for other incidents.