The more we learn about the major incidents in our organisation, the better we understand the risks or threats to the environment. Accurate and factual knowledge about the incidents not only allows the organisation to establish contingency plans, but it also enhances the organisation’s ability to respond faster.

Companies hire professional security firms to mitigate or tackle security incidents that might harm their reputation, operations, or site location. As a result, security providers take the responsibility to be prepared all the time, make prompt decisions, and create detailed security incident reports.

Now you may ask, what is an incident report?

What is an Incident Report and Why is it needed?

An incident report is a formal entry of the facts related to a particular incident. It is the first step

• that triggers an investigation
• supplies further information for the investigation,
• enables a report to be issued that becomes a single reference point’
• and ensures compliance with industry regulations.

Security firms maintain security incident reports for all events that transpire in their operations. No matter how insignificant the incident may seem, it requires the security companies to provide a full record of what took place and when. This increases accountability of the security service provider and creates increased trust between providers and their clients.

Incident reports also highlight the trends or learnings that enable security firms to predict and prepare for future incidents and allocate resources where they are needed most. 

Apart from a detailed description of the incident, other items to include in an incident report are:

• Site or location of the incident
• Witnesses to the incident (if any)
• List of any anomalies that might have contributed to the incident
• Severity or grade of the incident
• Details of the immediate measures taken in response
• Recommendations including future mitigations, immediate follow on actions and reporting requirements

What to cover in an incident report?

The rule of thumb is to gather all the necessary information and create a report that outlines:

• The What:​ To start with, describe the details of the incident in chronological order. Be as descriptive as possible in this section without adding unnecessary information.
• The Who:​ In this part, identify the individuals involved in the incident and how (or if) they were affected. Complete their details with accurate and objective contact information and visual descriptions of the persons.
• The When:​ Include the actual time and date of the incident when it happened. If the time is unknown, use a recognizable timeframe to provide authenticity.
• The Where:​ In this section, provide the address and other pertinent details that are relevant to describe the location. 
• The Why:​ This section may be more subjective than others but always give a rational and objective understanding of the reason behind the incident. The best practice is not to speculate or provide biased information.
• The How:​ In this section, describe as many details as you can regarding how the incident occurred. It is mandatory to include rich media such as photos, videos, and audio recordings, etc. in this section so that there is legal proof of time, location and incident.

Once you are done reporting about the incident, describe the action taken by the security personnel in response to the incident. This may include how an area was secured, made safe or mitigation steps taken (for instance replacing glass in a broken window).

What makes a good security incident report?

An incident report should highlight all the information about the incident and witnesses to the incident. The following are the key elements of a proper report:

Accuracy: Data points mentioned in the report must be correct and free of typo and other human errors. Always proofread the report before submission because a single incorrect detail about witnesses’ names, contact details, or date and time of the event can kill the purpose of the report. To sound more accurate and authentic, provide specific details of the event, and avoid vague and double-meaning statements that lead to any confusion.

Completeness: Never miss out on any detail, no matter how unimportant it may seem. A quick way to ensure is by answering all WH questions (what, where, when, why, and how) one-by-one. For completeness, record not only the cause of the incident but also include details of who witnessed it and what 'might have' caused it.

Factual: The aim of your report should be to provide facts as they happened. Always use a professional tone and avoid any emotional, biased, or one-sided statements that may not provide a full picture of the incident. If you struggle to find both sides of the story, avoid concluding anything from the statements. 

Graphical Representation: A picture is worth a thousand words. Hence use supporting material such as diagrams, images, and graphics as shreds of evidence. Any photos taken at the site location adds clarity and authenticity to the report.

Validity & Reliability: After you finish documenting the report, validate and cross-check the information from those who were involved in the incident. Involved parties can be managers, victims, reports, security guards, etc. Always sign off with the signatures of involved parties to provide authenticity to their testimony. Take photos of any hand written reports to ensure a permanent and shareable record is available. Valid information assists in understanding what happened, reliable information assists in increasing trust and confidence that what is reflected in the report is true.

What Happens After an Incident Report?

Many times, the incident is self-explanatory and does not require any further investigation. Once all the information is gathered in a report and validated with the witnesses, assess whether there is a need for a full investigation. In the security industry an incident report will often result in a police report. Trained and licensed security guards will know when this is required, but an incident report drafted at the time or very soon after the occurrence will be more usable and admissible as evidence in a court proceeding. Reports that have photos and written statements from witnesses are stronger forms of evidence.

In case of an investigation, be prepared to provide further necessary information as per the client's request. Contemporaneous notes and records with real-time incident logs greatly assist in any formal detailed investigation.

​Different Methods of Security Incident Reporting

Security companies globally use different methods to report security incidents. Each method has its pros and cons and how you submit an incident report is entirely up to your organisation’s needs and goals a matter of preference and often driven on the intended use of the report, i.e. is it internal or external distribution, is it for a police investigation, is it an assessment of a potential risk not yet realised?. Still, a ​method or tool to assist in the gathering of critical information can immensely impact the quality of your reports and the speed at which you submit them. Generating them in a consistent format assists users in understanding and accessing the relevant information pertinent to their role (manager, client, guard, member of public).

Three widely used methods of security incident reporting are Pen & Paper method, Wand-based systems & Smart Solutions. Here’s how they differentiate:

Conclusion

A timely and well-written incident report helps you identify the root cause(s) of the incident and respond to any emergency situation. Security Business Sentry comes with a best-in-class incident reporting with features like offline submission where guards can submit the report even with no or low internet connectivity. By revisiting the incident through the report, you have a higher chance to prevent the same incident from happening again. After all, prevention is better than cure.