Loading...
compliance

Unauthorized Records Disposition Incident Report

Report the unauthorized removal, destruction, or loss of federal records in one structured form. Capture the facts needed for internal review, containment, and NARA reporting under 44 U.S.C. Chapter 33.

Fill it now — Free Get Started
Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Federal Government · Public Administration · Records Management · Compliance

Overview

The Unauthorized Records Disposition Incident Report template is built to document the unauthorized removal, destruction, or loss of federal records in a way that supports internal review and reporting to NARA under 44 U.S.C. Chapter 33. It organizes the report into five parts: the incident overview, affected records, incident details, immediate containment and notifications, and assessment and submission notes.

Use this template when a records event has already happened and you need a consistent way to capture what was lost, when it was discovered, who reported it, what records series were affected, and what was done immediately after discovery. It is especially useful when the facts are still being confirmed and you need to separate known information from suspected causes. The fields for retention schedule reference, record format, sensitive information, evidence preservation, and notified parties help preserve an audit trail without forcing the reporter to write a long narrative.

Do not use this template for routine, authorized disposition completed on schedule, or for general security incidents that do not involve federal records. It is also not the right form if the event is only a draft-level records cleanup with no loss, removal, or destruction. Keep the report focused on the incident itself and collect only the PII needed to route and review the case.

Standards & compliance context

  • The template supports NARA incident reporting by capturing the facts needed to document unauthorized records disposition under 44 U.S.C. Chapter 33.
  • The structure aligns with the minimum-necessary principle by focusing on record identifiers, incident facts, and response actions instead of collecting unnecessary personal data.
  • If any field contains personal or sensitive information, the form should include clear disclosure language and limit access to authorized reviewers only.
  • A complete submission record and attestation help preserve an audit trail for internal governance and external review.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Report Overview

This section establishes who is reporting, when the incident occurred, and what kind of records event needs review.

  • Date the incident was discovered (required)
  • Date reported (required)
  • Reporter name (required)
  • Reporter email (required)
  • Reporter phone
  • Reporting office or program (required)
  • Type of incident (required)
  • Brief summary of what happened (required)

    Describe the incident factually. Avoid speculation and include only information needed for records management review.

Affected Records

This section ties the incident to the correct record series, format, volume, and retention authority so reviewers can assess scope.

  • Record series title (required)
  • Record series number or identifier
  • Record category (required)
  • Record format (required)
  • Approximate volume affected

    Enter the best estimate available, such as number of folders, boxes, files, or records.

  • Retention schedule reference
  • Does the affected material contain sensitive information?

    Select any that apply. Do not include full identifiers or unnecessary PII in the description.

Incident Details

This section explains where the event happened, how it was found, and what is known about the cause and timeframe.

  • Where did the incident occur? (required)
  • How was the incident discovered? (required)
  • Known or estimated timeframe of the incident

    Provide the best available estimate if the exact time is unknown.

  • Suspected cause (required)
  • Describe other cause
  • Detailed incident narrative (required)

    Describe what happened, who was involved if known, what records were affected, and any observed evidence. Do not include unnecessary PII.

Immediate Containment and Notifications

This section documents the response actions, notifications, and evidence handling that protect the audit trail.

  • Immediate actions taken (required)
  • Describe other immediate action
  • Date notifications were made

    If multiple notifications were made on different dates, include the earliest date here and provide details in the narrative.

  • Who was notified? (required)
  • Evidence preserved? (required)
  • Evidence preservation details

Assessment, Review, and Submission

This section captures impact, corrective actions, supporting documents, and the final attestation before submission.

  • Estimated impact (required)
  • Corrective actions recommended or already taken
  • Upload supporting documents

    Attach any relevant logs, screenshots, emails, inventories, or other supporting records. Do not upload files containing unnecessary PII.

  • I certify that the information provided is accurate to the best of my knowledge. (required)
  • Additional notes for the records officer

How to use this template

  1. Start by entering the incident date, discovery date, reporter contact details, reporting office, incident type, and a short summary of what happened.
  2. Identify the affected record series by title, number, category, format, approximate volume, retention schedule reference, and whether the records contain sensitive information.
  3. Describe where the incident occurred, how it was discovered, the known timeframe, and whether the cause is confirmed or only suspected, using conditional logic for any other-cause details.
  4. Record the immediate containment steps taken, the parties notified, the notification dates, and whether evidence was preserved with enough detail to support an audit trail.
  5. Summarize the estimated impact, list corrective actions and follow-up documents, and complete the submitter attestation before routing the report for review or submission.

Best practices

  • Use a date picker for incident and report dates so the timeline is clear and validation is consistent.
  • Mark only truly required fields as required, and use progressive disclosure for follow-up details such as other cause or other immediate action.
  • Capture the record series title and retention schedule reference before writing the narrative so the report stays tied to the correct disposition authority.
  • Separate confirmed facts from assumptions by wording suspected cause and incident details carefully.
  • Document containment actions as soon as they happen, not after the review meeting, so the audit trail is complete.
  • Limit PII to the reporter and necessary responders, and avoid adding unrelated personal data into the incident summary.
  • If evidence exists, note where it is stored and who controls it rather than describing it vaguely in free text.

What this template typically catches

Issues teams running this template most often surface in practice:

The incident type is too broad, making it hard to tell whether the event was loss, destruction, or unauthorized removal.
The known timeframe is missing, which makes it difficult to assess exposure and sequence of events.
The record series is not identified, so reviewers cannot confirm the applicable retention schedule.
Immediate containment actions are described after the fact or not at all, weakening the response record.
The form mixes suspected cause with confirmed cause, which creates confusion during review.
Evidence is referenced but not preserved or logged in a controlled location.
The report includes unnecessary PII in the narrative instead of limiting details to what is needed for routing and investigation.

Common use cases

Agency Records Officer reviewing a shredding error
A records officer uses the form after a box of files was destroyed before the retention review was complete. The report captures the record series, the disposal mistake, and the containment steps needed for follow-up.
Program Manager reporting a lost digital folder
A program office discovers that a shared drive folder containing federal records was deleted without authorization. The template helps document the format, discovery method, and any recovery or notification actions.
Compliance Lead preparing a NARA incident package
A compliance lead consolidates facts from multiple offices into one standardized report before submission. The structured fields make it easier to compare incidents and preserve an audit trail.
Supervisory review after a records move
A supervisor documents records that went missing during an office relocation and notes whether the loss was temporary or permanent. The form keeps the timeline, location, and evidence details in one place.

Frequently asked questions

What incidents should this template be used for?

Use it for unauthorized removal, destruction, or loss of federal records, including paper files, digital records, and mixed-format record sets. It is meant to capture the facts needed for internal review and any required reporting to NARA. If the event is only a routine disposition action completed under schedule, this template is not the right fit. If you are unsure whether the records were federal records, document that uncertainty in the incident summary and review the retention schedule reference.

Who should complete this report?

It is usually completed by the reporting office, records management staff, compliance staff, or a supervisor who can gather the facts quickly. The reporter field should identify the person submitting the report, even if they were not the person who discovered the incident. If your process includes legal, privacy, or security review, those teams can add details before submission. The key is to assign one owner so the report does not stall while multiple people wait to respond.

How often is this form used?

This is an incident-driven template, so it is used whenever a qualifying records disposition event occurs. It is not a recurring checklist or monthly log. Many organizations keep it ready in advance so they can complete it immediately after discovery and preserve details while they are still fresh. That also helps maintain a clearer audit trail.

What information should be collected without over-collecting PII?

Collect only what is needed to identify the incident, the affected record series, the timeframe, the containment steps, and the notification trail. The template supports data minimization by focusing on the record series, volume, format, and sensitivity rather than unnecessary personal details. If names or contact information are needed for follow-up, keep them limited to the reporter and relevant responders. Avoid adding unrelated personal data into the incident narrative.

Does this template support evidence preservation and audit trail needs?

Yes. The structure includes fields for evidence preserved, evidence details, notification dates, and notified parties so the organization can show what was done after discovery. That helps create a defensible audit trail for internal review and any later submission. If attachments exist, list them in additional documents and keep the source files in a controlled location. Do not rely on free-text alone when a dated record or log entry exists.

What are the most common mistakes when using this report?

The biggest mistakes are leaving the incident type too vague, skipping the known timeframe, and failing to distinguish suspected cause from confirmed cause. Another common issue is marking every field as required, which slows reporting and encourages guesswork. Teams also forget to document immediate containment actions or who was notified, which weakens the record. Use conditional logic so follow-up fields appear only when they apply.

Can this template be customized for different offices or record series?

Yes. You can add office-specific routing, record-series lookups, or approval steps without changing the core incident fields. The record series title, number, and retention schedule reference should remain prominent because they anchor the report to the correct disposition authority. If your office handles both paper and digital records, keep the record format field and use progressive disclosure for format-specific details. Avoid adding unrelated fields that do not affect review or submission.

How does this compare with an ad-hoc email report?

An ad-hoc email usually misses key facts, makes follow-up harder, and creates inconsistent documentation across offices. This template standardizes the fields needed for review, containment, and submission notes while keeping the report readable. It also makes it easier to track who reported the incident, what was affected, and what actions were taken. That consistency is especially useful when multiple offices need to compare incidents over time.

Related templates

Forms

FOIA Annual Report Data Compilation Worksheet

Compile the data needed for an agency FOIA annual report in one worksheet. Capture request volume...
Forms

Congressional Inquiry Intake and Privacy Release Tracking Form

Track congressional casework inquiries, privacy releases, assignments, and response deadlines in ...
Forms

FOIA Expedited Processing Request Evaluation Form

Evaluate whether a FOIA requester qualifies for expedited processing based on imminent threat or ...
Forms

FOIA Request Intake and Tracking Log (Federal Agency)

Track each FOIA request from intake to final determination, with deadline monitoring, assignment,...
Forms

FOIA Response Determination Letter Template

Document a FOIA determination letter with request details, release and withholding decisions, app...
Inspections

Cooling Log (135 to 70 in 2hr, 70 to 41 in 4hr)

Cooling log for verifying PHF cool-down from 135°F to 70°F in 2 hours, then to 41°F in 4 more hou...
Sop

Cash Drawer Open & Count

Cash Drawer Open & Count is the SOP for verifying a drawer, counting the starting bank, recording...
Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...

Go deeper on the topic

Related concepts
  • Lockout/Tagout
    Lockout/tagout (LOTO) is the procedure for controlling hazardous energy — electrical, hydraulic, pneumatic, mechanical, thermal, chemical — before...
  • Job Hazard Analysis
    Job hazard analysis (JHA) — also called job safety analysis (JSA) — is the structured exercise of breaking a work task into sequential steps, identifying the...
  • Near-Miss Reporting
    A near-miss is an event that could have caused injury or damage but didn't — a slip that didn't fall, a load that shifted but didn't drop, a machine that...
  • AI Governance
    AI governance is the framework a company uses to decide what AI tools are allowed to do, who's accountable for their outputs, what data they're allowed to...
Related guides

Ready to use this template?

Get started with MangoApps and use Unauthorized Records Disposition Incident Report with your team — pricing built for small business.

Get Started Customize with AI
Ask AI Product Advisor

Hi! I'm the MangoApps Product Advisor. I can help you with:

  • Understanding our 40+ workplace apps
  • Finding the right solution for your needs
  • Answering questions about pricing and features
  • Pointing you to free tools you can try right now

What would you like to know?

AI-generated responses may not be 100% accurate