All templates

Security Incident and Data Breach Report Intake

Captures a structured first-hand account of a suspected or confirmed security incident — what happened, what systems or data may be affected, and how contained it is — for IT, security, and compliance teams. An AI follow-up interview reconstructs the actual timeline of discovery and response instead of relying on a rushed written summary.

Sample questions

A preview of what’s in the template. Every question is editable before you launch.

14 questions · ~7 min
Q01
Message

Thanks for reporting this. The details you share here go directly to the security and compliance team and help us respond quickly. This takes about 8 minutes — if the incident is still active, please also contact IT/Security through your emergency channel right away.

Q02
Multiple ChoiceRequired

What is your role in relation to this incident?

  • Employee who discovered or experienced it
  • IT / Security staff member
  • Manager of an affected team
  • Third-party vendor or contractor
  • Other
Q03
DateRequired

When did you first notice or suspect something was wrong? (Best estimate is fine.)

Q04
Multiple ChoiceRequired

Which best describes the type of incident?

  • Phishing or social engineering attempt
  • Unauthorized system or account access
  • Malware or ransomware
  • Lost or stolen device
  • Data sent or exposed to the wrong recipient
  • Physical break-in or unauthorized access to premises
  • Other
Q05
Multiple ChoiceRequired

As far as you know, what type of data may have been affected? Select all that apply.

  • Customer personal information
  • Employee personal information
  • Financial or payment data
  • Health records
  • Intellectual property or trade secrets
  • Login credentials or passwords
  • Other
Q06
Long TextRequired

In your own words, what happened? Include what you saw or were told, and any systems, accounts, or locations involved.

Q07
Opinion ScaleRequired

How confident are you that the incident is currently contained (i.e., not actively ongoing)?

Scale: 17
Min:Not confident at allMax:Completely confident
Q08
Multiple ChoiceRequired

Has this incident already been reported to your IT or Security team through another channel?

  • Yes, already reported
  • No, this is the first report
  • In progress / not sure
Q09
Long Text

What actions, if any, have already been taken to contain or address this incident (e.g., password reset, device disconnected, account disabled)?

Q10
AI Interview

Reconstruct the actual timeline of this incident: how it was first noticed, exactly what the respondent did in the minutes and hours after, and who else was told or involved. Anchor on the specific incident type and data categories they selected, and probe any gap between discovery and reporting — ask what caused the delay, if any, and whether the respondent believes the incident could still be active. If they seem unsure about scope, ask what evidence would help them confirm it.

Q11
Rating Scale

How clear was it to you what steps to take when you noticed this incident?

Range: 15
Min:Very unclearMax:Very clear
Q12
Number

Roughly how many individuals or records do you think may be affected? (Enter 0 if unknown or not applicable.)

Q13
Multiple Choice

Which department or team are you part of?

  • IT / Security
  • Operations
  • Sales / Customer Success
  • Finance
  • HR
  • Other
  • Prefer not to say
Q14
Message

Thank you for reporting this promptly. Your report has been logged and routed to the security team for immediate review; you may be contacted for follow-up as part of the incident response process.

What’s included

  • AI follow-ups

    Adaptive probes on open-ended answers that pull out detail a static form would miss.

  • Attention checks

    Built-in safeguards against rushed answers and low-quality respondents.

  • AI-drafted copy

    Wording, ordering, and branching written by the AI — tuned to your research goal.

  • Auto report

    Themes, quotes, and a plain-English summary write themselves once responses come in.

How it compares

We reviewed the closest templates from other survey tools. Here’s what they do well — and where this template goes further.

Why this template

  • Includes an AI follow-up interview that reconstructs the actual incident timeline (discovery, response, containment) instead of relying on a single rushed written summary
  • Combines structured fields (role, incident type, data types affected, confidence in containment, estimated records affected, department) with open-ended narrative questions for full context
  • Captures process signals other tools don't, like whether the incident was already reported through another channel and how clear the reporting steps were, which helps compliance teams spot process gaps
  • Closes with automated logging/routing confirmation messages so the reporter knows their report was received and sent to the right team

Jotform

Security Incident Report Form Template

A standard fielding-ready form template for logging security incidents with typical fixed fields. It's built on Jotform's general form builder and widget ecosystem rather than anything specialized for security/compliance workflows. Good for basic intake but not for reconstructing what actually happened during the incident.

What it does well

  • Fielding-ready template usable immediately
  • Backed by Jotform's broad form-building and integration ecosystem
  • Likely customizable with drag-and-drop fields

Where it falls short

  • Static question set with no adaptive follow-up to probe inconsistent or vague answers
  • No mechanism to reconstruct an incident timeline beyond what the reporter chooses to write
  • No published methodology on how questions were validated for security/compliance use

SurveyMonkey

Security Breach Report Template

A fielding-ready template aimed at capturing breach details in a standard survey format. It leans on SurveyMonkey's general survey infrastructure (skip logic, reporting) rather than anything purpose-built for reconstructing incident timelines. Useful as a quick intake form but limited for deeper investigative follow-up.

What it does well

  • Fielding-ready and quick to deploy
  • Supports basic skip logic for branching questions
  • Benefits from SurveyMonkey's established reporting/dashboard tools

Where it falls short

  • No adaptive AI interview to dig deeper into vague or incomplete incident descriptions
  • Relies on the reporter's own written summary rather than a reconstructed timeline
  • No transparent, published prompt methodology for how follow-up questions (if any) are generated

Typeform

Security Incident Report Form

A conversational-style, fielding-ready form template for reporting security incidents, benefiting from Typeform's polished one-question-at-a-time UX. It's a static question flow, however, with no capability to adaptively probe for missing details like exact timing of discovery or containment steps. Good for a friendly intake experience but not for deep incident reconstruction.

What it does well

  • Polished, conversational one-question-at-a-time UX
  • Fielding-ready template with Typeform's known design quality
  • Likely supports basic logic jumps between questions

Where it falls short

  • No adaptive AI follow-up interview to reconstruct the actual incident timeline
  • No automated per-response quality scoring to flag vague or incomplete reports
  • No published prompt-level transparency into how any branching questions are determined

Ready to launch?

Open this template in the editor. Every part is yours to change before the first respondent sees it.