Dealership Cybersecurity Incident Response Log

Tracks cybersecurity incidents in a dealership environment, documents containment and investigation actions, and supports FTC notification timelines when customer financial information may be involved.

Submission Notice

• Brief incident summary
  Describe what happened in 2-4 sentences. Include only observable facts.
• Reporter name
  Who is submitting this report?
• Reporter contact email
  Used for follow-up questions and audit trail documentation.
• Confidentiality acknowledgement

Incident Details

• Date incident was discovered
• Approximate time discovered
• Incident type
• Affected systems or applications
  Select all that apply.
• Other system details
  Specify any system not listed above.
• Where the incident was detected
  Example: showroom workstation, service desk laptop, remote user account.

Data Impact Assessment

• Did the incident involve customer data?
• Types of PII potentially involved
• Did the incident involve customer financial information?
• Financial information potentially involved
• Estimated number of records affected
  Use your best estimate. Enter 0 if none are known.
• Data exposure status

Containment and Response Actions

• Containment actions taken
• Other containment details
• Is the incident contained?
• Date contained

Notification and Escalation

• Escalated to
• Other escalation details
• Is external notification required?
• Reason notification may be required
• Notification deadline
  Enter the current deadline being tracked by compliance or legal.

Investigation and Review

• Preliminary root cause
• Evidence preserved
• Follow-up actions
  List remediation, monitoring, training, or policy updates needed.
• Reviewer name
  Security or compliance reviewer completing the audit trail.
• Review date