What is an IT incident report?

An IT incident report is documentation of an event that disrupted the normal operations of an IT system, or had the potential to do so, along with a record of how the situation was handled.

In this context, the term event includes any occurrence with significance for system hardware or software. An incident is an event that must be dealt with to ensure that a system can continue to function.

IT incident reporting is an important component of an organization's incident response plan.

Most often, an incident is an interruption of an IT service due to some problem, such as a login failure resulting from a corrupted database table. The incidents that receive the most attention tend to be security-related events, such as data breaches.

IT incident reporting is an essential component of incident management. Incident management is an area within IT service management that involves ensuring service is returned to normal as quickly as possible after an incident to minimize its negative impact on the business.

What is the structure of an IT incident report?

The specific structure of an IT incident report varies depending on the organization and the types of systems involved in the incident. However, there are a few basic components that are typically included in an incident report.


Summary

This section briefly describes the incident, including when it happened, when it was resolved and its impact. It also summarizes the problem that was the root cause of the incident, such as the number of requests that resulted in errors.


Timeline

This section identifies the precise times of all related events, including the time zone if relevant. These events should include the first report of the incident, all actions taken to resolve the issue and consequent events, and the time that the incident was resolved.

Root cause

This section describes the problem that caused the incident in as much detail as possible.

Resolution and recovery

This section describes in detail all actions taken to resolve and recover from the incident, along with when they were implemented. Any results of actions taken should also be described, even if the measures were not effective.

Corrective and preventive measures

This section discusses what measures should be taken to prevent a similar incident in the future, including any recommended changes to systems or procedures. The section should also include any recommended improvements to the organization's incident response system.

