safety

Security Incident and Use of Force Report

Document a security incident, any use of force, witness accounts, evidence, and immediate response actions in one report. Use it to create a clear internal record, support review, and preserve an audit trail.

Fill it now — Free Get Started

Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Retail · Healthcare · Education · Logistics · Hospitality

9:41

Forms

1 Submission Notice

What are you reporting?

Security incident

Use of force

Both security incident an...

I understand this report may be reviewed by authorized security, HR, legal, o...

Your name Type here…

Your contact email or phone Type here…

2 Incident Overview

Date of incident 📅 mm/dd/yyyy

Time of incident 🕒 mm/dd/yyyy hh:mm

Location Type here…

Incident type Trespass× Theft×

Brief summary of what happened Type your response…

Is there an ongoing safety or security risk?

Yes

3 People Involved

How many people were directly involved? 0

Primary subject role Employee

Description of the primary subject Type your response…

Did anyone appear injured or require medical attention?

Yes

Unknown

4 Use of Force Details

Was any physical force or restraint used?

Yes

Type of force used Verbal de-e...× Guiding hold×

Reason force was used Type your response…

Approximate duration of force or restraint (minutes) 0

Were de-escalation steps attempted before force?

Yes

Not applicable

5 Witnesses and Evidence

Were there witnesses?

Yes

Unknown

Witness statements + Add row

Evidence collected Photos× Video×

Evidence details Type your response…

6 Response and Follow-up

Immediate actions taken De-escalate...× Separated p...×

Was law enforcement notified?

Yes

Police or case number Type here…

Is follow-up required?

Yes

Follow-up notes Type your response…

7 Reporter Attestation

I certify that this report is accurate and complete to the best of my knowledge.

Signature

✏️

Tap to sign

Report date 📅 mm/dd/yyyy

Overview

This Security Incident and Use of Force Report template captures the facts of a security event in a structured way: what happened, who was involved, whether force was used, what witnesses saw, what evidence was collected, and what happened next. It is designed for internal review, supervisor follow-up, and a clean audit trail, not for narrative storytelling.

Use it after incidents such as trespass, theft, threats, disorderly conduct, access-control breaches, or any event where a guard, supervisor, or responder used or considered force. The template works best when the incident is time-sensitive and details need to be preserved before memory fades. It also supports conditional logic, so the use of force section only appears when relevant and the witness/evidence sections can expand as needed.

Do not use this form as a general complaint form or as a substitute for emergency response. If the situation is still active, safety comes first and the report can be completed afterward. It is also not the right tool for collecting unnecessary personal data; follow data minimization and only ask for the fields needed to document the incident. For organizations that need a consistent record of security events, this template helps standardize reporting, reduce missing details, and make follow-up easier to assign and review.

Standards & compliance context

Use data minimization by collecting only the PII needed to document the incident and route the report for review.
If the form is public-facing or accessible to employees with disabilities, follow WCAG 2.1 AA guidance for labels, contrast, keyboard access, and error handling.
For any health-related injury or medical concern, limit collection to the minimum necessary information and avoid unnecessary clinical detail.
If the report may be used in HR or accommodation-related follow-up, include a clear consent or disclosure statement about how the information will be used and stored.
Maintain an audit trail for edits, submissions, and follow-up actions so the report can support internal review and incident tracking.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Submission Notice

This section sets expectations for why the report is being collected, what consent or disclosure applies, and who is submitting it.

What are you reporting? (required)
I understand this report may be reviewed by authorized security, HR, legal, or compliance personnel as needed. (required)
Your name
Optional unless your organization requires identification for follow-up. Collect only if needed.
Your contact email or phone
Optional contact information for follow-up. Do not include more than one method unless necessary.

Incident Overview

This section captures the core facts of the event so reviewers can understand what happened without reading the full narrative first.

Date of incident (required)
Time of incident (required)
Location (required)
Incident type (required)
Brief summary of what happened (required)
Describe the event factually and in chronological order. Avoid opinions or speculation.
Is there an ongoing safety or security risk? (required)

People Involved

This section identifies the subject and any relevant injury or medical concern while keeping the data limited to what is needed.

How many people were directly involved? (required)
Primary subject role (required)
Description of the primary subject
Include only observable details such as approximate age range, clothing, and distinguishing features. Do not include unnecessary PII.
Did anyone appear injured or require medical attention? (required)

Use of Force Details

This section documents whether force was used, why it was used, and whether de-escalation was attempted before escalation.

Was any physical force or restraint used? (required)
Type of force used
Reason force was used
Describe the immediate threat or behavior that led to the intervention.
Approximate duration of force or restraint (minutes)
Were de-escalation steps attempted before force?

Witnesses and Evidence

This section preserves third-party accounts and physical or digital evidence so the report can support later review.

Were there witnesses? (required)
Witness statements
Evidence collected
Evidence details
Describe what was collected, where it is stored, and who has custody.

Response and Follow-up

This section records immediate actions, external notifications, and the tasks that need to happen after the incident.

Immediate actions taken (required)
Was law enforcement notified? (required)
Police or case number
If available, provide the external reference number only. Do not include sensitive personal data.
Is follow-up required? (required)
Follow-up notes

Reporter Attestation

This section confirms the report is complete to the best of the reporter’s knowledge and creates accountability for the record.

I certify that this report is accurate and complete to the best of my knowledge. (required)
Signature
Report date (required)

How to use this template

1. Set up the form fields to match your site policy, marking required fields clearly and using conditional logic so force, witness, and evidence sections only appear when needed.
2. Assign the report to the person who observed or responded to the incident, and make sure they know whether they should enter their name, contact details, or submit anonymously if your process allows it.
3. Record the incident facts first by entering the date, time, location, type, summary, and any ongoing risk before adding opinions or follow-up notes.
4. If force was used, complete the force details with the type, reason, duration, and de-escalation attempts, then attach witness statements and evidence details while the event is still fresh.
5. Document immediate actions, law enforcement notification, case number if available, and any required follow-up so the report becomes the starting point for review rather than a dead-end record.
6. Have the reporter attest to the accuracy of the report, then route it to the appropriate supervisor, security manager, HR, legal, or compliance queue for review and action.

Best practices

Write the incident summary as a factual timeline, not a conclusion about blame or intent.
Use a date picker and time field for incident timing so the record is consistent and searchable.
Keep the subject description limited to what is necessary for identification and response, not unnecessary PII.
Show the use of force section only when force was actually used or attempted, and require de-escalation details when that branch is selected.
Capture witness statements separately from the reporter’s own account so the audit trail stays clear.
Record evidence details at the time of collection, including where each item came from and who handled it.
Add a clear submission notice that explains what happens after the report is submitted and who will review it.
Avoid making every field required; let low-risk incidents submit with only the fields that are truly needed.

What this template typically catches

Issues teams running this template most often surface in practice:

The incident summary is too vague to explain what happened or why force was considered.

The report omits exact time, location, or sequence of events, which makes later review difficult.

Force is documented without a clear reason, duration, or de-escalation attempt.

Witnesses are listed but their statements are missing or too brief to be useful.

Evidence is mentioned without details about what was collected, by whom, or where it was stored.

The reporter forgets to note immediate actions taken after the incident.

Law enforcement notification is recorded without a case number or follow-up path when one exists.

The form collects more personal data than needed instead of using a minimum-necessary approach.

Common use cases

Retail loss-prevention supervisor review

A store supervisor documents a shoplifting confrontation, any physical intervention, witness accounts from staff, and the evidence collected at the scene. The report gives operations and legal teams a consistent record for review.

Hospital security incident log

A hospital security officer records a disruptive visitor event, notes whether restraint or escort was used, and flags any injury or medical concern. The template helps keep the report focused on minimum necessary details.

Campus safety response record

A campus security team logs a disturbance in a residence hall, including the subject description, witness statements, and any police notification. The structured fields make it easier to compare incidents across locations.

Warehouse access-control breach

A logistics supervisor documents an unauthorized entry attempt, the response taken by security, and any evidence such as badge logs or camera references. The report supports follow-up with site leadership and incident tracking.

Hotel guest disturbance escalation

A hospitality manager records a guest disturbance, the de-escalation steps used, and whether outside authorities were contacted. The template creates a clear record for operations, risk, and guest relations review.

Frequently asked questions

When should this report be completed?

Complete it as soon as the scene is safe and the facts can be recorded accurately, ideally the same shift or immediately after the incident. The goal is to preserve details while they are still fresh and to create a reliable audit trail. If the situation is still active, document what is known and update the report later with follow-up notes.

Who should fill out this template?

It is usually completed by the security officer, supervisor, or employee who directly observed or responded to the incident. If multiple people were involved, one person should submit the primary report and others can add witness statements. The form works best when the submitter can identify the subject, describe the event, and confirm what actions were taken.

Does every incident require a use of force section?

No. The conditional logic should only show the use of force fields when force was actually used or attempted. For incidents that involve trespass, verbal threats, property damage, or suspicious activity without force, the report can skip that section and focus on the incident overview, witnesses, evidence, and response actions. This keeps the form aligned with data minimization.

What should be included in witness statements?

Capture each witness’s name or anonymous identifier if appropriate, what they saw, and any direct quotes that matter to the incident. Keep the statements factual and separate from the reporter’s interpretation. If your process allows anonymous submission for sensitive cases, make that option clear before collecting PII.

How does this template support compliance and review?

It creates a structured record of the incident, the response, and the reporter attestation, which helps with internal review, audit trail needs, and follow-up tracking. The form also supports better documentation practices by separating facts, witness accounts, evidence, and actions taken. If your organization has policy or regulatory reporting requirements, this template can be customized to match them.

What are the most common mistakes when using this form?

Common mistakes include vague summaries, missing timestamps, incomplete force details, and failing to document de-escalation attempts. Another frequent issue is collecting too much personal data, such as unnecessary PII, instead of only what is needed for the report. The form should also avoid free-text fields where a date picker, numeric input, or multi-select would produce cleaner data.

Can this template be customized for different sites or industries?

Yes. You can tailor incident types, force categories, evidence fields, and follow-up actions for retail, healthcare, campus security, logistics, or hospitality. Many teams also add site-specific location fields, supervisor escalation rules, or conditional logic for injuries, law enforcement notification, and case numbers. The structure should stay consistent so reports are easy to compare over time.

How should this connect to other systems?

This template can feed incident management, case tracking, HR review, or security operations workflows through integrations or exports. Attachments for photos, video references, and evidence logs are especially useful when the report needs to be reviewed later. If your process includes legal, HR, or compliance review, route the submission to the right queue automatically after submission.

Related templates

Forms

Cruise Ship Maritime Injury and Near Miss Report Form

Document crew injuries and near misses on board a cruise ship with a clear, maritime-specific rep...

Forms

Bloodborne Pathogen Exposure Investigation

Use this Bloodborne Pathogen Exposure Investigation form to document needlestick, sharps, and bod...

Forms

Warehouse Confined Space Entry Permit

Use this warehouse confined space entry permit to authorize entry, document atmospheric testing, ...

Forms

Warehouse Hot Work Permit

A warehouse hot work permit form for approving welding, cutting, grinding, or similar tasks with ...

Forms

Bloodborne Pathogen Exposure Report

Bloodborne Pathogen Exposure Report template for documenting needlestick, sharps, and body-fluid ...

Inspections

Food Safety HACCP Audit

Food Safety HACCP Audit template for checking receiving, storage, prep, cooking, holding, cooling...

Sop

Cash Drawer Open & Count

Cash Drawer Open & Count is the SOP for verifying a drawer, counting the starting bank, recording...

Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...

Go deeper on the topic

Related concepts

Standard Operating Procedure

A standard operating procedure (SOP) is a documented, step-by-step procedure for a repeatable task — the written version of "how we do this here." Good SOPs...
Workforce Management

Workforce management (WFM) is the operational discipline of getting the right employees, with the right skills, in the right place, at the right time — and...
Daily Huddle

A daily huddle is a brief (10–15 minute) standing meeting held at the start of a shift or workday to align the team on priorities, surface issues, and...
Deskless Worker

A deskless worker is any employee whose job happens without a desk, a company laptop, or a fixed workstation. They're roughly 80% of the global workforce —...

Related guides

Mastering Retail Execution: Enhancing Efficiency with Monitoring & Improved Task Management

Learn how to improve retail execution with smarter task management, real-time monitoring, and frontline communication tools that drive store-level results.
Closing the Accountability Gap in Workforce Operations

See how connected 1:1 tracking, employee audit history, and LMS completion records turn scattered processes into verifiable workforce documentation.
Native Shifts & Schedules for a Unified Frontline Experience - 2026 Winter Release Deep Dive

MangoApps Shifts & Schedules unifies frontline scheduling, time, and leave management in one native platform for faster, simpler operations.
The Best Employee Shift Scheduling Software of 2026

Compare 9 top shift scheduling platforms for 2026—features, pricing, and workforce fit for frontline, retail, healthcare, and enterprise teams.

Ready to use this template?

Get started with MangoApps and use Security Incident and Use of Force Report with your team — pricing built for small business.

Get Started Customize with AI