Incident Log Template
Use this template during active incidents. The Scribe owns this document.
How to Use
- Copy this template to the Incident-Logs folder
- Name it: YYYY-MM-DD-brief-description (e.g., 2024-03-15-api-outage)
- Update in real-time as things happen
- Use UTC timestamps, 24-hour format
- More detail is better. You can summarize later.
Incident: TITLE
Summary
| Field | Value |
|---|---|
| Status | Active / Mitigated / Resolved |
| Severity | P1 / P2 / P3 / P4 / P5 |
| Start Time | YYYY-MM-DD HH:MM UTC |
| Resolution Time | |
| Affected Services | |
Roles
| Role | Person |
|---|---|
| Detector | |
| Incident Leader | |
| Scribe | |
| Communication Manager | |
| Responders | |
Communication Channels
- Call: [link]
- Chat: [channel]
Timeline
HH:MM UTC - Incident detected by [who/what]
HH:MM UTC - [Person] assigned as Incident Leader
HH:MM UTC - [Person] assigned as Scribe
HH:MM UTC - Initial assessment: [description]
HH:MM UTC - ...
Investigation
What We Know
Affected Services
| Service | Impact | Status |
|---|---|---|
Root Cause (initial assessment)
Actions
Immediate
- [Action] @[Owner]
- [Action] @[Owner]
Resolution
- [Action] @[Owner]
- [Action] @[Owner]
Resolution Summary
Mitigation Applied
Verification
- [Check 1]
- [Check 2]
Communications Sent
| Time | Channel | Summary |
|---|---|---|
Post-Incident
- Post-mortem scheduled for: [date]
- Post-mortem document created (save to Post-Mortems folder)
- Action items assigned
Links & Evidence
- [Relevant dashboard]
- [Relevant PR/commit]
- [Screenshots]
Severity Reference
| Level | Description |
|---|---|
| P1 | Critical - funds at risk, active exploit |
| P2 | High - major impact, immediate response |
| P3 | Moderate - medium impact |
| P4 | Low - minor issues |
| P5 | Info - no action needed |
See Incident-Response-Policy for full definitions.