When something happens on a security post — a trespasser, a theft, an altercation, a medical emergency — your guard’s incident report is your record of what occurred. It is your evidence if a client disputes a claim, your documentation if the police get involved, and your compliance paper trail if an inspector comes calling.
Most security companies have an incident reporting process. Far fewer have a good one. This guide explains how to structure a security incident report, what information every report must contain, and how modern reporting tools are replacing paper forms and email attachments.
Why Incident Reports Matter
A well-written incident report does several things simultaneously:
- Creates a legal record. If an incident leads to a police investigation, civil claim, or insurance query, your report is contemporaneous evidence. Courts and insurers treat written records made at the time of an incident far more seriously than recollections written later.
- Protects your company. If a client claims something was mishandled, your report shows what your guard actually did and when.
- Identifies patterns. Multiple incidents at the same site, at the same time of day, or involving the same individuals can indicate a systemic problem. You will only spot these patterns if incidents are being recorded consistently.
- Supports ACS compliance. The Security Industry Authority’s Approved Contractor Scheme requires companies to demonstrate operational competence. Consistent incident reporting is part of that picture.
What Every Security Incident Report Should Include
Regardless of the type of incident, every report should capture the following:
1. Date, Time, and Location
Be precise. “Monday evening” is not sufficient. “Monday 28 April 2025, 22:47, Car Park B, Unit 14 Industrial Estate, Bristol” is. Include the exact site address and the specific area within the site where the incident occurred.
2. Who Was Involved
Record the full names of all guards present, any individuals involved (where identifiable), and any witnesses. If an individual refuses to give their name, note their description: approximate age, height, clothing, distinguishing features.
3. What Happened — in Chronological Order
Describe events in the order they occurred. Start with what the guard observed, then what they did in response, then the outcome. Avoid assumptions about intent or cause — stick to what was seen, heard, and done.
Good: “At 22:47 I observed a male in a dark jacket attempting to open the rear fire exit from outside. I approached and identified myself. The individual ran north towards the car park entrance and left the site.”
Not good: “A suspicious person was trying to break in and I chased them off.”
4. Actions Taken
What did the guard do? Did they call the police? Detain someone? Administer first aid? Secure an area? Notify their supervisor? Every action should be recorded, including the time at which it was taken.
5. Evidence and Supporting Information
Note any CCTV coverage of the incident, photographs taken, statements given, or property seized. If the incident is likely to require follow-up, flag this clearly.
6. Guard Signature and Badge Number
The report must be attributable. Include the guard’s full name, SIA badge number, and signature (or digital equivalent). This confirms the report was made by a licensed operative.
Common Mistakes in Security Incident Reports
Delayed reporting
Incident reports should be completed as soon as possible after the event — ideally before the end of shift. Memory degrades quickly. Details that seem obvious at 23:00 are harder to recall accurately at 07:00 the following morning.
Vague language
Phrases like “the situation was dealt with” or “appropriate action was taken” are useless in a report. A report should describe specific actions taken at specific times.
Opinions and assumptions
Guards should report what they observed, not what they think it meant. “The individual appeared intoxicated” is an observation. “The individual was drunk and looking for trouble” is an assumption. The former is useful; the latter can cause legal problems.
Missing time stamps
Every action in the report should have a time attached to it. Timelines matter, particularly when incidents are later reviewed by police, solicitors, or insurers.
Inconsistent formats
If every guard reports incidents differently, it is impossible to spot patterns or produce meaningful reports for clients. Standardised report templates solve this.
Incident Report Categories
Not all incidents are the same. A good reporting system lets guards categorise the incident type so management can filter and analyse records effectively. Common categories include:
- Theft or attempted theft
- Trespass or unauthorised access
- Vandalism or criminal damage
- Assault or threatening behaviour
- Medical emergency
- Fire or evacuation
- Suspicious activity (no definitive incident)
- Property damage
- Near miss
Paper Forms vs Digital Incident Reporting
Many security companies still use paper incident report forms. Guards complete them by hand, hand them to a supervisor, and the supervisor files them or scans them for the client.
The limitations of this approach are significant:
- Reports can be lost, damaged, or illegible
- There is no searchable record — finding a specific incident from 18 months ago requires manually searching files
- Reports reach management hours after the incident, not immediately
- There is no automatic notification to supervisors or clients
- Producing a monthly incident summary for a client requires manually reviewing every form
Digital incident reporting solves all of these. Guards complete reports on their phone immediately after an incident. The report goes directly into a central system, supervisors are notified instantly, and management can view all incidents by site, date, category, or guard in seconds.
Incident Reporting in TacDesk
TacDesk includes a digital incident reporting module as part of its guard management platform. Guards file incident reports directly from the app, with structured fields ensuring every report captures the information you need.
Key features:
- Structured report templates — guards complete guided forms rather than blank text boxes, reducing the risk of missing information
- Photo attachments — guards can attach photographs to the report at the time of filing
- Instant notifications — supervisors and managers are notified the moment a report is submitted
- Searchable records — find any incident by site, date, category, guard, or keyword
- Client-ready reports — generate incident summaries for clients directly from the system, without manual compilation
Pricing starts from £1 per guard per month with a lifetime price lock and no setup fees or contracts.
Key Takeaways
- A good incident report is factual, timestamped, and attributed to a named, licensed guard
- Reports should be completed as soon as possible after the incident
- Use specific language — describe what was seen and done, not what was assumed
- Standardised templates ensure consistency and make pattern analysis possible
- Digital reporting gives management real-time visibility and a searchable, auditable record
Speak to TacDesk to see how digital incident reporting works in practice.