Configure Major Security Incident status reports

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Major Security Incident status reports

    This feature allows ServiceNow customers to configure, customize, and generate status reports for Major Security Incidents (MSI) throughout their lifecycle. Using the Major Security Incident Management workspace, users with thesnmsi.workspacemanagerrole can create tailored report templates that meet specific business needs, enabling effective communication and tracking of incident remediation progress with stakeholders such as executives and legal teams.

    Show full answer Show less

    Key Features

    • Report Templates: Build and customize templates with sections, subsections, and elements to define report content, layout, and format. Templates support inclusion of fields like report title, user name, summary, date, progress metrics, challenges, and next steps.
    • Report Categories: Preconfigured report types include Executive Email (mobile-friendly), Executive Status Report PDF, and Technical Status Report PDF, each with relevant incident details, progress metrics, and timeline components.
    • Customization Options: Add branding such as logos, customize headers and footers, include visualizations, related lists, and additional information like incident impact and linked incidents.
    • Report Structure: Organize content using report sections, subsections (with alignment options like text side panel, primary, secondary), and subsection elements for detailed visualizations, lists, and free-form text with filtering capabilities.
    • System Properties: Configure default system properties to control the behavior of Major Security Incident Management status reports within the ServiceNow environment.

    Practical Benefits

    • Enables efficient sharing of tailored, comprehensive status updates with diverse stakeholders throughout the incident response process.
    • Supports consistent reporting formats that align with organizational needs, improving clarity and decision-making.
    • Facilitates detailed tracking of incident scope, progress, challenges, and next steps with customizable visual and textual elements.
    • Allows integration of branding and customized elements to maintain organizational identity and professionalism in reports.

    Configure major security incident reports to set up and download the reports according to your business needs throughout the life cycle of the major security incident record remediation process.

    You can build the report templates with a specific format and layout, and customize these reports according to your specific requirements using the Status Reports feature of the Major Security Incident Management workspace.

    A user with the sn_msi.workspace_manager role can create and configure the report templates that outline the type of report information that can be used to generate all the status reports, which can be shared with specific users such as executive stakeholders, legal departments and map those templates to the major security incident records.

    To customize your MSI status reports, you must first set up the report templates using Report Templates. With the help of Report Templates, you can build the report template types, define the report components for those report templates, add additional information, create visualized data to track the scope and progress metrics, add related list data, and generate the status reports.

    The following table describes the default fields provided in all the report template types. You can configure and format the report template based on your requirements using sections, subsections, and its elements:
    Table 1. Status Report components
    Component Type Description
    Report Title Title of the report type. For example, the default format of the report type is: {MSI Number} - {Executive Stakeholder Report} depicted as MSI0001001: Executive Stakeholder Report.
    Name Displays the name of the user who generated the report using the Status Reports section of the Major Security Incident Management workspace.
    Summary Displays a brief summary of the report.
    Date Displays the date on which the report is shared with the concerned recipient.
    Progress Displays the Scope and Progress Metrics such as the linked SIR Incidents, Response Tasks, Supplementary Tasks, External Collaboration, Timeline components, and Recent Timeline Events.
    Challenges This section displays a brief description on the challenges involved throughout the major security incident remediation process.
    Next Steps This section displays a brief description on the next steps involved in resolving the major security incident. For example, the active team subsection in the executive stakeholder report provides you with the information with the next step on the team assignment who is involved in further analysis of the major security incident record.
    Other customizations The report template also provides you with the capability to upload the logo and customize the headers and footers on the report.
    Following are the types of report categories that can be set up and viewed:
    • Executive Email
    • Technical Status Report PDF
    • Executive Status Report PDF
    These reports are configured and available for the user to select, view, and generate the report from the Major Security Incident Management workspace.

    Mobile-friendly Executive Status Reports - Email

    The Executive Status Reports - Email are mobile-friendly status reports that are generated in email format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the report template features to add additional information to the report.

    Executive Status Reports - PDF

    The Executive Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the report template features to add additional information to the report.

    Technical Status Reports - PDF

    The Technical Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record, labeled Task updates and labeled activities, based on the assignment group and selected tag label since when the last status report is generated, and additional information such as incident impact and linked incidents.

    Customize and configure the report template to add additional information to the report. The additional information, such as the incident impact, is illustrated in the report, and the remaining part of the report information is similar to the executive reports.

    The report template sections contain various subsections, which describe how you can construct the report subsections and its elements such as:
    1. Branding: Add Branding to your Report Templates
    2. Template Scripts: Use Template Scripts in your Report Templates
    3. Use Visualizations in Report Templates
    4. Use Reports Lists in Report Templates