Page 1 of 1

Incident collection form

Submit this form once per affected information system. Repeat the full form for each system (same URL). Use a clear label (e.g. hostname or asset tag) in the fields below so responders can correlate submissions.

General information

Incident detector's information

Name

Date and time detected

Title / role

Location incident detected

Phone

Email

Additional information

Incident summary

Type of incident detected

Select all that apply.
Type of incident detected

Incident location

Site

Site point of contact

Site phone

Site email

How was the incident detected?

Additional information

Location(s) of affected systems

Date and time incident handlers arrived at site

Affected information system (this submission)

Describe one affected system in this submission. If multiple systems are affected, submit the form again for each system.

System label

Hardware manufacturer

Serial number

Corporate property number

Is the affected system connected to a network?

Is the affected system connected to a network?
A
B

Describe the physical security of the location

Isolate affected systems

Approval to remove from network

Approval to remove from network
A
B

Backup of affected system(s)

Was the last system backup successful?

Was the last system backup successful?
A
B

Name(s) of person(s) who performed the backup

Date and time last backup started

Date and time last backup completed

Backup storage location

Incident eradication

Name(s) of person(s) performing forensics or technical remediation

Was the vulnerability or root cause identified?

Was the vulnerability or root cause identified?
A
B

How was eradication validated?