An IT incident report is documentation of an event that has disrupted the normal operation of some IT system (or that had the potential to do so) and how that situation was handled. In this context, events include any occurrence that has significance for system hardware or software, and an incident is an event that must be dealt with to ensure that a system can continue to function. Most often, an incident is an interruption of an IT service, such as a login failure, due to a problem like a corrupted database table. The incidents that receive the most attention tend to be security-related events, such as data breaches.
IT incident reporting is an essential component of incident management, the area of IT Service Management (ITSM) involved with ensuring that service is returned to normal as quickly as possible in the wake of an incident to minimize any negative impact on the business.
Incident reports vary from one organization to another and among the types of systems involved. Here’s a basic example of what should be included in the report:
This section describes the incident briefly and identifies when it happened and when it was resolved, along with the impact, such as the number of requests that resulted in errors and the problem that was the root cause of the incident.
This section identifies the precise times of all related events and lists the time zone, if relevant. These events include the first report of the incident, all actions taken to resolve the issue, any consequent events, and the time that the incident was resolved.
This section describes the problem that caused the incident in as much detail as possible.
Resolution and recovery
This section describes all the actions taken, along with the times when they were implemented, in detail. Any results of actions taken should also be described, even if the measures were not effective.
Corrective and Preventative Measures
This section discusses what measures should be taken to prevent a similar incident in the future, including any changes to systems or procedures that are recommended. The section also includes any recommended improvements to the incident response system.