When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this to record incident response decisions, actions, approvals, communications, evidence decisions, containment, recovery, and closure.
Incident details
| Field | Value |
|---|---|
| Incident ID | |
| Linked event ID | |
| Incident category | |
| Incident manager | |
| Business owner | |
| Legal/privacy contact | |
| Evidence required? | TBD |
| Severity | |
| Status |
Action log
| Time | Owner | Action or decision | Approval needed? | Evidence link | Status |
|---|---|---|---|---|---|
Related notes
- Template
- Iso27001
- Incident management
Note Metadata
Aliases: Incident Action Log
Source: 90 Templates/Incident Response Record.md
Graph-sourced resources
Templates and evidence
Implementer templates
Working artifacts for control owners and operators.
Related Notes
- ISO 27001 A.5.26 - Response to Information Security Incidents
- A.5.26 Audit Evidence Pack
- A.5 Organizational Controls Implementation Guide
- ISO27001-A.5.26 Response to Information Security Incidents
- ISO 27002 Annex A Control Interpretation Map
- Evidence Collection and Chain of Custody Log
- Incident Management Plan
- Templates MOC