Configure Major Security Incident status reports

  • Release version: Yokohama
  • Updated January 30, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Major Security Incident status reports

    ServiceNow’s Major Security Incident Management (MSIM) workspace includes a Status Reports feature that enables you to configure, customize, and generate major security incident status reports throughout the incident remediation lifecycle. These reports provide stakeholders such as executives and legal teams with tailored insights into incident progress, challenges, and next steps using predefined or custom report templates.

    Show full answer Show less

    Key Features

    • Report Templates: Users with the snmsi.workspacemanager role can create and configure report templates with specific formats, layouts, and components tailored to your business needs.
    • Customizable Components: Templates include essential sections like Report Title, User Name, Summary, Date, Progress (scope and metrics), Challenges, and Next Steps. Additional customization options include uploading logos and modifying headers and footers.
    • Report Types: Preconfigured report categories include Executive Email (mobile-friendly), Executive Status Report (PDF), and Technical Status Report (PDF). Each report type highlights relevant data such as incident scope, active team metrics, timeline events, and task updates.
    • Flexible Layouts: Reports can be structured using sections, subsections, and elements to organize text, visualizations, lists, and other data. Subsections support alignment and positioning options for clear presentation.
    • Advanced Customization: Utilize template scripts, branding options, visualizations, and report lists to enrich report content. Custom Major Security Incident Response fields can be added to provide comprehensive reporting.
    • System Properties: Default system properties are available to control the behavior of MSIM status reports, ensuring consistent application performance.

    Practical Benefits for ServiceNow Customers

    By configuring major security incident status reports, your organization can:

    • Maintain clear and consistent communication with key stakeholders during incident response.
    • Track and visualize incident progress, challenges, and next steps effectively.
    • Generate professional, branded reports in email or PDF formats tailored to different audiences.
    • Customize reports dynamically to include the most relevant data and metrics for your incident management process.
    • Improve incident transparency and decision-making with detailed, up-to-date status updates.

    Next Steps

    To leverage these reporting capabilities, assign the snmsi.workspacemanager role to appropriate users and begin creating report templates within the Major Security Incident Management workspace. Use sections, subsections, and elements to build reports that align with your organizational requirements. Customize branding, add visualizations, and configure system properties to optimize report output for your stakeholders.

    Configure major security incident reports to set up and download the reports according to your business needs throughout the life cycle of the major security incident record remediation process.

    You can build the report templates with a specific format and layout, and customize these reports according to your specific requirements using the Status Reports feature of the Major Security Incident Management workspace.

    A user with the sn_msi.workspace_manager role can create and configure the report templates that outline the type of report information that can be used to generate all the status reports, which can be shared with specific users such as executive stakeholders, legal departments and map those templates to the major security incident records.

    To customize your MSI status reports, you must first set up the report templates using Report Templates. With the help of Report Templates, you can build the report template types, define the report components for those report templates, add additional information, create visualized data to track the scope and progress metrics, add related list data, and generate the status reports.

    The following describes the default fields provided in all the report template types. You can configure and format the report template based on your requirements using sections, subsections, and its elements:
    Table 1. Status Report components
    Component Type Description
    Report Title Title of the report type. For example, the default format of the report type is: {MSI Number} - {Executive Stakeholder Report} depicted as MSI0001001: Executive Stakeholder Report.
    Name Displays the name of the user who generated the report using the Status Reports section of the Major Security Incident Management workspace.
    Summary Displays a brief summary of the report.
    Date Displays the date on which the report is shared with the concerned recipient.
    Progress Displays the Scope and Progress Metrics such as the linked SIR Incidents, Response Tasks, Supplementary Tasks, External Collaboration, Timeline components, and Recent Timeline Events.
    Challenges This section displays a brief description on the challenges involved throughout the major security incident remediation process.
    Next Steps This section displays a brief description on the next steps involved in resolving the major security incident. For example, the active team subsection in the executive stakeholder report provides you with the information with the next step on the team assignment who is involved in further analysis of the major security incident record.
    Other customizations The report template also provides you with the capability to upload the logo and customize the headers and footers on the report.
    Following are the types of report categories that can be set up and viewed:
    • Executive Email
    • Technical Status Report PDF
    • Executive Status Report PDF
    The above reports are configured and available for the user to select, view, and generate the report from the Major Security Incident Management workspace.

    Mobile-friendly Executive Status Reports - Email

    The Executive Status Reports - Email are mobile-friendly status reports that are generated in email format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the following report template features to add additional information to the report. A sample executive email status report is shown below for your reference.
    Figure 1. Executive Status Report Email
    Executive Status Report Email

    Executive Status Reports - PDF

    The Executive Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the following report template features to add additional information to the report. A sample executive report is shown below for your reference.
    Figure 2. Executive Status Report PDF
    Executive Status Report PDF

    Technical Status Reports - PDF

    The Technical Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record, labeled Task updates and labeled activities, based on the assignment group and selected tag label since when the last status report is generated, and additional information such as incident impact and linked incidents.

    Customize and configure the report template to add additional information to the report. A sample technical report that shows the additional information, such as the incident impact, is illustrated below for your reference, and the remaining part of the report information is similar to the executive reports.
    Figure 3. Technical Status Report - PDF
    Technical Status Report PDF
    The report template sections contain various subsections, which describe how you can construct the report subsections and its elements such as:
    1. Branding: Add Branding to your Report Templates
    2. Template Scripts: Use Template Scripts in your Report Templates
    3. Use Visualizations in Report Templates
    4. Use Reports Lists in Report Templates