How long does it take to set up Vigilpost?

Most teams are fully operational within 30 minutes. There is no implementation project, no consultants, and no 90-day onboarding process.

Is my security data kept separate from other companies?

Yes — completely. Every Vigilpost customer gets their own dedicated database. Your incident data and guard logs are never stored in a shared database with other organizations.

Does Vigilpost work on mobile devices?

The web platform works on any device with a browser — desktop, tablet, and mobile. Guards can log incidents and complete tours from their phone.

Is there a contract or minimum commitment?

No long-term contracts. We offer monthly billing with no cancellation fees.

Back to blog

Best Practices8 min readMay 4, 2026

Security Incident Reports: Best Practices for Professional Security Teams

A well-written incident report protects your company, your client, and your guards. Here's what professional security incident reports should include — and the common mistakes that create liability.

Why Incident Reports Matter More Than Most Teams Realize

The incident report is the most important document in physical security operations. When an incident escalates — to a legal dispute, an insurance claim, a regulatory review, or a termination hearing — the written record becomes the primary source of truth.

A well-written incident report protects everyone involved: the guard who responded, the security company that deployed them, and the client whose property was affected. A poorly written one does the opposite.

Despite this, incident reporting is one of the most neglected operational areas in the security industry. Reports are written quickly at the end of a shift, filled with vague language, missing key details, or — worst of all — completed days after the event from memory.

This guide covers what professional incident reports should include, the most common mistakes to avoid, and how modern security operations software makes consistent, high-quality reporting achievable at scale.

The Core Elements of a Professional Incident Report

1. Exact date, time, and location

This sounds obvious, but vague time references ("around midnight" or "late in the shift") are surprisingly common. Reports should capture the exact time the incident was discovered or reported, the exact time the guard responded, and the specific location — not just "the parking lot" but which parking lot, which section, nearest landmark or camera reference point.

2. Involved parties

Every person involved in or witness to the incident should be documented: full name, contact information if available, their role in the incident (subject, victim, witness, responding officer), and a physical description if identity wasn't confirmed.

3. A factual, objective narrative

This is where most reports fail. The narrative should describe what the guard observed and did — not what the guard concluded, inferred, or suspected.

Instead of: *"The subject was clearly intoxicated and causing trouble."*

Write: *"The subject was unsteady on his feet, had slurred speech, and was using profanity toward other patrons. He refused repeated requests to lower his voice."*

The first version contains opinions. The second contains observations. In a legal context, observations hold up; opinions invite challenge.

4. Actions taken

Document every action the guard took in response: verbal warnings issued, physical intervention (if any), notifications made (to dispatch, supervisor, police, client), and the outcome of each action.

5. Evidence and documentation

Note any physical evidence secured, photographs taken, camera footage that should be preserved, or witness statements collected. If you didn't photograph something, note why.

6. Follow-up required

Does the incident require a follow-up visit? A police report reference number? A client notification? Document the expected next steps and who is responsible for them.

7. Supervisor review

Every incident report should be reviewed and approved by a supervisor before it's considered complete. Peer review catches errors, identifies missing information, and ensures the report meets company and client standards.

The Most Common Incident Report Mistakes

Writing from memory hours or days later. The quality of incident documentation degrades rapidly over time. Reports should be started at the scene, or as soon as the immediate situation is stabilized. Digital tools make this possible — a guard can begin a report on their phone while the details are fresh.

Using vague, passive language. "It was reported that..." or "An altercation may have occurred..." create ambiguity that works against you in a dispute. Be specific and active: who did what, when, and where.

Mixing observations with conclusions. Guards are trained to observe and respond, not to adjudicate. Incident reports should contain facts, not verdicts. Leave interpretation to the client, legal team, or law enforcement.

Incomplete subject descriptions. If a subject left before police arrived, the description in your incident report may be the only resource available for follow-up. Document height, weight, hair color, clothing, distinguishing features, and direction of travel.

No chain of custody for evidence. If you secured physical evidence, document who handled it, when, and where it was stored. A chain of custody gap can invalidate evidence in a legal proceeding.

Not notifying the right people. Your company's incident notification protocol should be documented and followed every time. Who gets called when? The answer shouldn't vary by shift or by guard.

How Digital Incident Reporting Improves Quality

Paper incident reports have a fundamental limitation: they're only as good as the person filling them out, with no real-time oversight or quality control.

Digital incident reporting platforms solve this in several ways:

Required fields. You can't submit an incident report without filling in the mandatory fields. This eliminates the "I'll fill in the details later" problem.

Structured data entry. Instead of a blank form, guards select incident type, location, involved party roles, and actions from standardized options. This creates consistent, searchable records instead of free-form text that varies by guard.

Real-time supervisor visibility. Supervisors can see incidents as they're logged, flag incomplete reports, and request clarification while the incident is still fresh.

Photo and media attachment. Guards can attach photos directly to the incident report from their phone, creating a timestamped visual record that's automatically linked to the written report.

Automatic timestamp and attribution. The system records exactly when the report was submitted and by whom, eliminating the "I wrote it at the time, I just filed it later" ambiguity.

Audit trail. Every edit to an incident report is logged — who changed what and when. This is critical if a report is later disputed.

Building a Culture of Quality Incident Reporting

Technology enables better incident reporting, but culture sustains it. The security companies with the best documentation practices share a few common traits:

They treat incident reports as professional documents, not paperwork. Guards who understand the importance of documentation — and have seen how a good report protected a colleague — are more motivated to do it right.

They review reports regularly. Supervisors who review incident reports within 24 hours and provide specific feedback create a feedback loop that improves quality over time. Generic praise ("looks good") doesn't.

They share examples of both good and bad reports (anonymized) during training. Abstract guidance is less effective than concrete examples.

They use technology that makes quality reporting the path of least resistance. When the digital tool is easier and faster than the paper alternative, adoption follows.

The goal is a security operation where a complete, accurate incident report is the automatic outcome of every incident — not a best-case outcome that depends on which guard is on shift.