Timely reporting of incidents is essential to protect staff. It enables staff to receive assistance quickly and ensures that the incident response and its aftermath are effectively managed. Monitoring and analysing incidents also improves understanding of the operating context and decision-making, and ultimately improves programmes.

[toolbox-standout-box]Regular reporting and monitoring of incidents enables organisations to determine where and how the security situation is changing, why it is changing, and what this change means for staff security.[/toolbox-standout-box]

There are typically three types of incident report:

• Immediate incident report – sent immediately or as soon as possible after the incident occurs, normally verbal over the phone or radio, providing a brief summary of what has happened. 
• Incident updates – sent as often as necessary, to provide more information on the incident or situation as it evolves.
• Post-incident report – completed and sent after the situation is stabilised or the incident is over, providing a written account of the incident and actions taken.

Incident reporting should be a component of your security plan, and staff should be provided with clear guidance on what incidents should be reported, to whom, and the mechanism for doing so. 

Following any significant incident, it is important to conduct some analysis to identify possible causes, or to identify factors that may have led to or contributed to the incident. Understanding the motivation or causes behind an incident, whether it was an attack by others or caused by staff not following procedures, is key to future prevention and preparedness.

Records of security incidents should be collated and analysed periodically. Monitoring and analysing incident data will enable you to develop a broader understanding of the security issues affecting staff, so you can make more informed decisions and prioritise resources and training on security.