© 2011—2020 by BluTinuity, LLC

The Scribe’s Crucial Role in Your Security Incident Response Team

Like a high-powered machine, an effective Security Incident Response Team (“SIRT”) is composed of several distinct roles that work in harmony. Not to be confused with your grandmother’s first coffee-running, copy-making, big-shot-answering secretary job, the role of the scribe is fast-paced, engaging, and crucial to minimizing destruction in the midst of disaster.


In the middle of the chaos, maintaining a consistent and accurate story of key details and decisions can prove very difficult. Countless studies by psychologists and doctors have shown that our memory and our ability to recall a completely accurate and detailed timeline are pretty poor at best. It gets increasingly difficult when rapid-fire decisions are being made and the course of action is constantly shifting. When the dust settles, your stakeholders, clients, and the public will be nipping at your heels asking for answers. Will your organization be prepared to present a clear, unified, and accurate description of the disaster and your response in a timely manner? With a well-equipped scribe on your team, you can be! We’ve compiled a list of the scribe’s key responsibilities so your team can be fully prepared to run like a well-oiled machine when a disaster strikes.


The Scribe’s Tips for Success:

  • Maintain a complete and accurate record of the actions, key decisions, activities, and status of members of the SIRT

  • Be physically located at the Incident Command Post

  • Be an active member of all status updates (in person or via conference call)

  • Coordinate details to ensure the tools required for the role are in the Incident Command Post (e.g., clean whiteboard, flipcharts, notepads, markers, audio-visual equipment, laptop, etc.)

  • Understand and have a copy of the Security Incident Response Plan (“SIRP”) to follow the expected process

  • Keep a timeline of all events during the incident, including date and time

  • Keep a record of all relevant facts of the incident

  • Monitor the situation status at all times

  • Identify which team members will be assigned to which SIRT roles

  • Describe all key decisions made by leaders, especially the Incident Commander

  • Provide external communications to consultants and contractors involved in the incident

  • Provide internal communications to management, employees, or other stakeholders

  • List areas of improvement for future uses of the plan