A lot of what goes into an incident report depends on your audience; the report you file with the technical teams may differ from the report for customers. Here are some sections I use for an internal report.
Report title
Report author(s) and contact info
Report date
Report summary/brief synopsis
Incident severity (if you have a severity level scheme)
Incident duration
Services impacted
Users/customers impacted
Impact to service level agreement(s)
Incident timeline (including detection and notifications)
Incident details: root cause and analysis
Conclusion: description of how the incident will be kept from happening again
Short term/temporary fix(es)
Long term/permanent fix(es)
For internal reports: Action items by team/assignee with applicable tracking/bug numbers
For internal reports: Related incident/ticket numbers
For internal reports: Log excerpts or links to archived logs
I'm keen to see what other people track in their reports!
Critical incident report
Header - network information, system information, and severity info 1-5 (5 is system outage).
Observer - Person who observed the incident.
Summary - What was observed.
Background - Has this happened before? Why was this found at this time?
Issues - What this impacts and why?
Recommended fixes - How do I fix this?
Audit points - How do I check to see if this is fixed?