Security Incident Report Form Information Security Incident Form Please enter your first and last name, along with the name of your employer. If this is an anonymous report, please enter Security Incident Report into the fieldPlease enter your email address here in the event that follow up is needed. If you wish to anonymously report this incident, please enter the email of a trusted friend or SecurityIncidentReport@intrepidmanageddiscovery.com(Required) Indicate which of the following this report is regarding:(Required) Event (An exception to the normal operation of systems and services, loss or theft of a device) Incident (Violates Intrepid Policy, Procedure, Guidelines/ Best Practices, Code of Ethics, Code of Conduct) Weakness (in security control or system) Date that the event, incident, or weakness was first noticed or occurred(Required) MM slash DD slash YYYY Time that the event, incident, or weakness was first noticed or occurred(Required) Hours : Minutes AM PM AM/PM Briefly describe what prompted you to file this report, in 10 words or less (example: hardware or software malfunction, atypical application behavior, access violation, Misappropriation or theft of information or services, etc.)(Required) If applicable, enter client and matter name Person(s) Involved (unknown, Intrepid employee, client employee, N/A, Multiple, etc)(Required)If more that 3 people are involved, please use the “Description of Reported Incident” to list all parties.Indicate which of the following were impacted (Please choose all items that apply)(Required) Device (laptop, phone, etc) System (Citrix, RelOne, MS App, etc) Data (client, Intrepid, etc) Email Identification of suspected source or causation of Incident or event (Please choose all items that apply)(Required) Theft or loss of a device or credentials (Phone, Laptop, Tablet, User Name, or Password) Malware infection or Ransomware System access violation(s) Modification or destruction of client data or systems that client data is housed in Theft of information due to system breach Pressured into providing information or access Third Party Service Provider Third Party Application Physical Security Breach Phishing Email received regarding Intrepid personnel Phishing or Social Engineering email link clicked Areas of potential impact or suspected damage (if any) Please choose all items that apply(Required) Client Data Information Confidentiality Information Integrity Information Access Citrix System Availability Citrix System Interruption RelativityOne System Availability RelativityOne Service Interruption Malfunction Or Atypical Behavior Of Software Or Hardware MS Office 365 System Availability MS Office 365 Service Interruption Employee device with Intrepid system(s) apps installed Intrepid issued laptop/endpoint device Intrepid Employee Record Confidentiality Intrepid Employee Record Availability Intrepid Reputation with Client Intrepid Reputation within Industry Intrepid System Security No potential impact at this time Incident, violation, and/or weakness occurrence Identification (if applicable) Please choose all items that apply(Required) Ineffective Security Controls System Vulnerability Client Data Exposure Client Data Loss Intrepid Policy Non-Compliance Intrepid Procedure Non-Compliance Intrepid Code Of Ethics Non-Compliance Intrepid Guidelines Non-Compliance Client Service Disruption Client Access Disruption, Client Data Breach Or Exposure Employee Human Error Employee 2 Factor Authentication Not Implemented Or Disabled Employee Data Exposure Employee Data Loss Ineffective Security Controls Intrepid Code Of Conduct Non-Compliance Intrepid Acceptable Use Policy Non-Compliance System Vulnerabilities Third Party Contractor/ Supplier Client Access or Service Disruption Third Party Contractor/ Supplier Client Data Breach or Exposure Third Party Contractor/ Supplier Client Data Loss or Non-availability Third Party Contractor/ Supplier Human Error Third Party Contractor/ Supplier Inadequate/ Ineffective Security Systems and/ or Controls Third Party Contractor/ Supplier Industry Best Practice Non-compliance Third Party Contractor/ Supplier System Vulnerabilities Third Party Contractor/ Supplier Unethical practices or behavior Description of Reported Incident (For theft or loss, please list name of object, describe where and how this event occurred, indicate if a police report was filed, if appropriate. For Internal Intrepid matters, please name of employee and describe occurrence or non-compliance. If reporting security weakness or concern, please provide detailed information, including the system, the weakness, the impact that it may have upon Intrepid or our valued clients.)(Required)