Cyber Incident Log
Use this form to document what happened, who was notified, and what actions were taken. Good notes help reduce confusion and preserve important details during an incident.
Incident Details
Date discovered
Time discovered
Reported by
Title / Department
Company / Organization
Primary contact phone
What was first noticed?
Systems, devices, accounts, or locations affected
Initial Response
Was the affected device isolated from the network?
Who performed the isolation?
Was internal IT / MSP notified?
Time notified
Was cyber insurance notified?
Time notified
Immediate actions taken
Contacts
IT / MSP contact name
Phone / Email
Cyber insurance provider / contact
Policy number / Claim number
Law enforcement / legal / other contact
Phone / Email
Incident Timeline
| Date / Time | Person / Team | Observation, action taken, or decision made |
|---|---|---|