What the record contains
An incident record includes the submitted narrative, origin organization, campus or zone, occurrence time, visibility scope, tags, classification, reviewer assignment, reported time, operational status, and moderation state. This structure helps a team understand both the event and its current workflow state.
The record should be treated as operational history. Avoid casual discussion that would not help a future reviewer, administrator, or partner understand the event.
Sightings and timeline
Use the timeline to log follow-up sightings, patrol confirmations, witness updates, or later operational observations. A sighting should include what was observed, where it was observed, and when it happened. The timeline is not the place for broad discussion; use comments for discussion and sightings for event updates.
Attachments
Attachments can support the incident record with documents, photos, exported evidence, or other files. Only upload files that are appropriate for the organization to retain and review. Avoid unnecessary sensitive material, and use the smallest file set that supports the operational need.
- Name files clearly before upload.
- Do not upload unrelated evidence just because it exists.
- Remove incorrect attachments promptly if your role allows it.
Record maintenance
- Keep comments factual and concise.
- Use timeline sightings for observed follow-up events.
- Use attachments only when they add operational value.
- Review tags and classification if a report becomes part of a larger pattern.
- Return to the review workflow when facts or visibility need formal moderation.
Comments
Comments appear under the incident body like an issue tracker thread. Use them for reviewer context, clarification notes, operational observations, and decisions that should remain tied to the incident. Comments should explain why something was done, not just that it happened.