Skip to main content

Beta Help us improve the SIRF by emailing your feedback to dos-defencesirf@mod.gov.uk.

OFFICIAL SENSITIVE - Personal (When Complete)
Incident Ref.
SIRF Ref.
Alert Ref.

Important

If you have access to MODNET, please access this form via the ‘Security Portal’.

Information submitted through the SIRF must not exceed OFFICIAL-SENSITIVE.
SIRF
Security Incident
Reporting Form
1

Reporter
details
2

Incident
details
3

Location
4

Risk
details
5

Physical / Information
Asset details
6

Related incident /
Interim actions

Submitted

Please click on the icon for help on a particular question.

Your Details

Reporting on behalf of an individual who cannot access this form

Please click on the icon for help on a particular question.

Incident Details

Please click on the icon for help on a particular question.

Where did the incident take place?

Examples of location types are listed below:
  • Army Unit / RAF unit / Naval unit / MOD Site: select if an incident occurred at a MOD base, unit or establishment (this excludes online incidents).
  • Deployed Operations: where the location of the incident cannot be disclosed due to the sensitivity of the location.
  • In transit (e.g., courier, postal system etc.): select if physical assets such as ID cards and CDs are lost in the postal system or where a courier has failed to deliver the item.
  • Online:
    • Intranet: select for incidents which originated on MOD IT infrastructure e.g., email breaches, SharePoint breaches, data spills (when classified information is on the wrong tier, such as SECRET on OS).
    • Internet: where incidents originated from non-MOD systems (e.g. contractor email breaches, phishing emails, hacking).
  • Private transport: select if the incident involves a personal vehicle e.g., if a personal car was broken into and ID cards were stolen.
  • Public location: select the relevant sub-category if the incident occurred in a public area e.g., ID card lost in a bar, unsolicited approach in a public location.

What is the address of the incident?
MAP

Risk details (Confidentiality, integrity & availability)

Please select the Likelihood and Risk for the incident as a whole

Additional Information / Assets

The Additional Information / Asset choices that appear will be influenced by what you selected on the ‘Incident Type’ page. You will not be able to proceed until the fields with * have been completed.

Some ‘Incident Types’ do not require assets. Therefore, the SIRF will not show this selection of fields. In this case click on ‘Continue’.

Please do not combine different types of assets or classifications into one form. If you have two lost USBs, one being OFFICIAL and the other is SECRET, there should be two assets added.

Sanction to be applied

Verify person involved

Pool:
ID:
CPS ID:

Related Incident Numbers
This section allows you the opportunity to include any incident reference numbers which may have been supplied to you.

Attachments (Please do not attach anything that you suspect is malicious or contains malicious content and above OFFICIAL-SENSITIVE)

Interim actions