Don't overlook the importance of security incident reports

June 15, 2021
Creating thorough and well-written SIRs is a critical skill for today's security pros

Let’s start by defining the “professional security incident report” as “a document created by an investigative process that captures the scene of a security incident; that serves as a company or agency historical record; and that accurately describes the facts, identifies evidence, any victims, witnesses, and the actual or suspected participants.” It should include their actions and statements, to support a possible prosecution, a human resources response, or to demonstrate the need for security improvements, process improvements, or policy changes.

These reports can help limit our liability and demonstrate security professionalism. Professional security reports demonstrate our knowledge of the law, company/agency policies, and probable cause, how evidence is collected, and how crimes, incidents, and accidents should be investigated and documented. That’s a long way of saying they have value and should be valued by the organization. 

 Security Incident Reports (SIRs) have legal, historical, evidential, and statistical importance. They help security departments and/or security managers or investigators prove or disprove what happened at a specific time and place. They make it easier for security directors and company or agency leaders to make policy decisions, operational changes, enhance staffing, hiring, protection, and service to the organization.

Report writing is a learned skill. If you’re in a responsible charge security position in an organization, you cannot rely on the educational experiences of security employees alone. They will need guidance, templates, ongoing training, and help on the actual page. (Steve Albrecht has taught reporting writing to police officers and security officers for several decades; there is always a learning curve because it is a different type of writing, not taught elsewhere.) 

Security officers, security supervisors, and security managers need to understand the chain of command for a Security Incident Report. Many eyes will read what gets written. Inside the organization, this could include security directors, guard force supervisors, HR representatives, company/agency attorneys, risk managers, safety officers, company/agency media relations, and senior leadership. Outside the organization, this list gets even longer and could include insurance adjusters, police, prosecutors, judges and juries, expert witnesses, and plaintiffs’ attorneys or civil or criminal defense attorneys. 

Consider the following writing tips and techniques for security department members at every level in the organization:

Use the Triple-A Rule to improve your reports:

1). Keep your average sentence length to about 15 to 20 words. Longer or shorter is okay but this word number guideline always leads to the highest comprehension by the reader. It’s easy to stay at this 15-to-20 words per sentence mark if you stick to one idea or activity per sentence.

2).  Avoid Jargon. Write like you talk and don’t talk like a cop on paper. It’s not a vehicle; it’s a car. Stop writing “I exited my security vehicle and moved in a northwesterly direction toward the main building” when “I got out of my car and walked to the main building” is easier to read. Stop writing “approximately” and just say “about.” Don’t say “I utilized my flashlight” when “I used my flashlight” is better.

3). Write in the active voice. Don’t write, “The office was searched and a loaded gun was found in a desk drawer by me. It was a Glock.” Write this: “I searched the office and found a loaded Glock pistol in the right bottom desk drawer.” Active voice sentences have more power and tend to be shorter. 

Other considerations:

  • Memorize the correct version of these common grammar usage errors and keep them out of your reports: their, they’re, or there; you’re or your; then or than; it’s or its; to or too; further or farther.
  • If your field notes are an inaccurate mess, fix that immediately. See how other security officers create well-organized field notes and copy their approach.
  • Develop shortcuts for field notetaking. If applicable, note the times of arrival for everyone after the incident/accident took place. Circle these letters so you know later who did what, when: V for victim, W for witness, S for Suspect, M for me (you said it, asked it, or did it), C for company, P for Police, F for Firefighters. G for Guards, E for Employee.
  • Little details can have a lot of importance. People involved in security reports may try to claim things later that didn’t happen, get payment for damage that wasn’t there, or file questionable or even false court or insurance claims. Get the names and IDs of all on-scene first responders, the weather and lighting conditions at an accident scene, and the names and contact information for all witnesses. Get serial numbers for stolen equipment. Quote exactly how someone refused medical treatment at the scene. Describe specifically where a vehicle was damaged; don’t just write “front bumper dent.”
  • Know when to ask more open-ended questions (used to get the person to tell his or her story) and fewer closed-ended questions (used to get yes/no answers). “And then what happened?” is an open-ended question. “Is that all you can remember about the event?” is a closed-ended question. Both are necessary, but you’ll get more information using open-ended questions.
  • Know the elements of a crime and make certain those are described as being met by the suspect’s actions in your report. Crimes require intent on the part of the doer. Some events are not crimes: an expensive watch that gets left in the employee restroom and is not there when the owner returns is not a theft case, it’s a lost item.
  • Know the important difference between an eyewitness and an “ear witness.” Some people saw things; other people heard about things from others. It’s a critical distinction in security investigations and subsequent reports.
  • Understand who is the audience reading your report; one of your objectives is to pass along key messages in a manner the reader will easily understand.
  • Readers of your report may include law enforcement, legal counsel, internal audit, insurance, management of the personnel involved as well as many others, all of which we have to assume do not have a law enforcement or similar background to the investigator.
  • What language do the primary readers use? Is the language you are writing in their first language?
  • Does the reader understand your jargon or abbreviations?
  • What structure does the reader prefer? Such as applying their standard template, do they prefer an executive summary?
  • Ensure we have sufficient detail in the report, consider using models like the four C’s and the five W’s plus H: Complete, Clear, Concise, and Correct along with the What, When, Where, Who, Why, and How.
  • Your report is a reflection of your professionalism, so turn on spell and grammar checks if using a computerized application to write your report. Read and re-read your report before submitting, consider both the structure of your report as well as its content. If an ordinary person cannot understand your report, then adjust as necessary to make the report more easily understood.

The stakes are high for poorly written security reports. The rewards for writing truly professional security reports are just as high. Choose your words well.

About the Authors:

Steve Albrecht is a US-based security consultant, trainer, and author, specializing in workplace violence prevention and threat assessment. He can be reached [email protected].

John Cowling is a Dubai-based security practitioner, specializing in security and crisis management. He can be reached at