Configure Major Security Incident status reports

  • Release version: Zurich
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configure Major Security Incident status reports

    ServiceNow's Major Security Incident Management (MSIM) workspace enables customers to configure and generate tailored status reports throughout the lifecycle of a major security incident remediation process. This capability helps organizations communicate incident status effectively to various stakeholders such as executives, legal teams, and technical personnel.

    Show full answer Show less

    Key Features

    • Report Templates: Users with the snmsi.workspacemanager role can create and customize report templates that define the format, layout, and content of status reports. Templates can be mapped to major security incident records to generate consistent reports.
    • Customizable Components: Templates include configurable components such as report title, generating user name, summary, date, progress metrics (linked incidents, tasks, collaborations), challenges faced, and next steps in the remediation process.
    • Report Types: Available report categories include Executive Email, Executive Status Report PDF, and Technical Status Report PDF. These reports cover key information like MSI duration, incident scope/impact, team metrics, progress updates, and timeline events, with technical reports providing additional task updates and incident impact details.
    • Formatting and Branding: Reports support customization of headers, footers, and logos to align with organizational branding.
    • Report Structure: Reports can be organized hierarchically using sections, subsections, and elements—enabling detailed layout control and the inclusion of visualizations, lists, and free-form text with filtering options.
    • System Properties: Default system properties are available to control the behavior of the MSIM reporting application, allowing further customization and management.

    Practical Benefits for ServiceNow Customers

    This reporting capability allows ServiceNow customers to:

    • Generate consistent, professional status updates tailored to different audiences throughout a major security incident's lifecycle.
    • Track and visualize key metrics, challenges, and next steps, improving transparency and decision-making.
    • Customize reports to meet specific organizational needs, including branding and data presentation.
    • Automate sharing of status reports in multiple formats, including mobile-friendly emails and PDFs.
    • Leverage role-based access to manage report creation and distribution securely within their teams.

    Next Steps for Implementation

    To leverage this feature, customers should:

    • Assign the snmsi.workspacemanager role to responsible users for creating and managing report templates.
    • Use the Report Templates feature within the MSIM workspace to build and customize report types, sections, subsections, and elements according to their incident management requirements.
    • Configure system properties as needed to tailor the reporting behavior.
    • Map report templates to major security incident records to enable streamlined report generation and sharing.

    Configure major security incident reports to set up and download the reports according to your business needs throughout the life cycle of the major security incident record remediation process.

    You can build the report templates with a specific format and layout, and customize these reports according to your specific requirements using the Status Reports feature of the Major Security Incident Management workspace.

    A user with the sn_msi.workspace_manager role can create and configure the report templates that outline the type of report information that can be used to generate all the status reports, which can be shared with specific users such as executive stakeholders, legal departments and map those templates to the major security incident records.

    To customize your MSI status reports, you must first set up the report templates using Report Templates. With the help of Report Templates, you can build the report template types, define the report components for those report templates, add additional information, create visualized data to track the scope and progress metrics, add related list data, and generate the status reports.

    The following table describes the default fields provided in all the report template types. You can configure and format the report template based on your requirements using sections, subsections, and its elements:
    Table 1. Status Report components
    Component Type Description
    Report Title Title of the report type. For example, the default format of the report type is: {MSI Number} - {Executive Stakeholder Report} depicted as MSI0001001: Executive Stakeholder Report.
    Name Displays the name of the user who generated the report using the Status Reports section of the Major Security Incident Management workspace.
    Summary Displays a brief summary of the report.
    Date Displays the date on which the report is shared with the concerned recipient.
    Progress Displays the Scope and Progress Metrics such as the linked SIR Incidents, Response Tasks, Supplementary Tasks, External Collaboration, Timeline components, and Recent Timeline Events.
    Challenges This section displays a brief description on the challenges involved throughout the major security incident remediation process.
    Next Steps This section displays a brief description on the next steps involved in resolving the major security incident. For example, the active team subsection in the executive stakeholder report provides you with the information with the next step on the team assignment who is involved in further analysis of the major security incident record.
    Other customizations The report template also provides you with the capability to upload the logo and customize the headers and footers on the report.
    Following are the types of report categories that can be set up and viewed:
    • Executive Email
    • Technical Status Report PDF
    • Executive Status Report PDF
    These reports are configured and available for the user to select, view, and generate the report from the Major Security Incident Management workspace.

    Mobile-friendly Executive Status Reports - Email

    The Executive Status Reports - Email are mobile-friendly status reports that are generated in email format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the report template features to add additional information to the report.

    Executive Status Reports - PDF

    The Executive Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record.

    Customize and configure the report template features to add additional information to the report.

    Technical Status Reports - PDF

    The Technical Status Reports - PDF are status reports that are generated in PDF format. The report section includes a summary of the report, MSI duration column, incident scope/impact, active team metrics, progress metrics, and Timeline components such as the recent timeline events for that specific major security incident record, labeled Task updates and labeled activities, based on the assignment group and selected tag label since when the last status report is generated, and additional information such as incident impact and linked incidents.

    Customize and configure the report template to add additional information to the report. The additional information, such as the incident impact, is illustrated in the report, and the remaining part of the report information is similar to the executive reports.

    The report template sections contain various subsections, which describe how you can construct the report subsections and its elements such as:
    1. Branding: Add Branding to your Report Templates
    2. Template Scripts: Use Template Scripts in your Report Templates
    3. Use Visualizations in Report Templates
    4. Use Reports Lists in Report Templates