Post-incident Review Checklist
Download your post-incident checklist
Please fill out the form below to access your free post-incident checklist download.
About this post-incident checklist
A good post-incident review stops the same problem happening twice. This post-incident review checklist gives operations teams a practical way to capture facts, run a consistent review, set clear escalation triggers, and close out actions with evidence — so you stop guessing and start knowing what needs to change.
What this post-incident review checklist covers
Use this checklist after any incident, near miss, disruption, or exception that matters to safety, service, security, compliance, or performance. It keeps the review focused on learning and prevention, not blame.
- Preparation checks to confirm immediate actions are complete and evidence is secure
- In-process review questions to build a timeline, assess impact, and identify root causes
- Escalation criteria so serious issues are raised quickly and consistently
- Close-out actions with owners, due dates, and follow-up verification
When to use it
Run a post-incident review as soon as it’s safe and practical — while details are fresh and evidence is available. Typical triggers include injuries, customer incidents, equipment failures, security events, stock loss, compliance breaches, or repeated near misses.
How to run a strong review (without the fluff)
Start with facts. Confirm the timeline, what was happening operationally, and what evidence you have. Then move to why it happened: what controls failed, what was unclear, and what pressures were at play.
Be specific about actions. “Remind the team” is not an action. “Update the closing checklist to include X, brief all closers by Friday, and verify with a spot check next week” is an action.
What good looks like
- One clear owner for the review and for every corrective action
- Escalation happens immediately when triggers are met
- Updates to SOPs, checklists, or training are made once and rolled out consistently
- Follow-up checks confirm actions are complete and effective
Want this checklist in Ocasta?
Ocasta replaces “we think it’s fixed” with evidence. Turn post-incident reviews into consistent data, track actions to completion, and spot repeat issues across sites — without relying on memory, emails, or manager relay.
Disclaimer: This checklist is for general guidance only and does not constitute legal, regulatory, health and safety, or professional advice. You are responsible for ensuring compliance with applicable laws, standards, and internal policies.
Included questions
Here's what's included in this post-incident checklist:
Preparation and incident capture (8)
Get the facts straight, secure evidence, and make sure immediate actions are complete before you start the review.
-
Text
Incident reference number
Use the reference from your incident log or ticketing system.
-
Text
Date and time of incident confirmed
Record the start time, end time (if known), and when it was detected.
-
Text
Location and area confirmed
Site, department, and specific area (for example: stockroom, loading bay, aisle 3).
-
Dropdown
Incident type
Pick the closest match so reporting stays consistent across sites.
-
Yes/No
Immediate actions completed and recorded
For example: made area safe, isolated equipment, first aid, customer care, and initial notifications.
-
Yes/No
Evidence secured
For example: CCTV preserved, photos taken, damaged items retained, logs exported, and witness details captured.
-
Person
Review owner assigned
Who is accountable for running the review and closing actions?
-
Text
Review attendees confirmed
List roles/names: on-duty manager, team members involved, H&S lead, security, maintenance, or HR (as needed).
Review in progress (9)
Work through what happened, why it happened, and what needs to change — without blame, and with clear evidence.
-
Yes/No
Timeline created from detection to resolution
Include key decisions, handovers, and any delays.
-
Text
Impact summary recorded
People, customers, operations, cost, downtime, reputation, and compliance impact.
-
Dropdown
Any injury or harm?
Use this to guide escalation and reporting requirements.
-
Text
Which policy/process was in play?
Link to the SOP, checklist, or guidance that should have been followed.
-
Dropdown
Was the process followed?
Be specific. If not, capture the reason (time pressure, unclear steps, missing tools, training gap).
-
Yes/No
Root cause analysis completed
Use a simple method such as 5 Whys. Focus on system causes, not individual blame.
-
Text
Contributing factors identified
For example: staffing levels, training, layout, equipment condition, communication, workload, supplier issues.
-
Text
Controls that failed or were missing
What should have prevented this? (barriers, checks, sign-off steps, alarms, maintenance, supervision).
-
Dropdown
Risk of repeat without changes
Use your best judgement based on evidence and frequency.
Escalation and reporting criteria (7)
Make escalation consistent. If any trigger is met, escalate straight away — don’t wait for the full write-up.
-
Yes/No
Escalate: serious injury, fatality, or medical treatment required
Notify the appropriate senior lead and follow your formal reporting process immediately.
-
Yes/No
Escalate: safeguarding concern or vulnerable person involved
Follow safeguarding and privacy procedures. Limit access to sensitive details.
-
Yes/No
Escalate: police or emergency services attended or were called
Record who attended, incident number, and any instructions given.
-
Yes/No
Escalate: regulatory reporting may be required
If you are unsure, escalate. It is easier to stand down than to miss a deadline.
-
Yes/No
Escalate: major operational disruption
For example: site closure, extended downtime, or inability to trade safely.
-
Yes/No
Escalate: significant financial loss or suspected fraud
Include stock loss, cash loss, chargebacks, or repeated shrink patterns.
-
Text
Escalation notes and who was notified
Names, roles, time notified, and any actions agreed.
Corrective actions and close-out (8)
Turn the review into action. Every action needs an owner, a due date, and a way to prove it happened.
-
Text
Corrective actions agreed
List actions clearly. If an action is ‘retrain’, specify who, what content, and how you’ll confirm competence.
-
Yes/No
Each action has an owner
No owner means no action. Assign a named person for every item.
-
Yes/No
Each action has a due date
Set realistic deadlines and prioritise safety and compliance actions first.
-
Yes/No
Short-term controls put in place (if needed)
For example: isolate equipment, temporary signage, additional supervision, or reduced capacity.
-
Dropdown
Do SOPs, checklists, or training materials need updating?
If yes, list what needs to change and who will update it.
-
Yes/No
Key learnings shared with the right people
Share only what’s necessary and appropriate. Focus on what changes and what to do differently next time.
-
Text
Follow-up check scheduled
When will you verify actions are complete and effective (for example: 7 days, 30 days)?
-
Signature
Review signed off
Sign to confirm the review is accurate, actions are assigned, and escalation has been completed where required.