How to Write a Security Occurrence Log: Best Practice for Officers

SHARE

Every security team deals with incidents. Disturbances, access requests, equipment faults, visitor logs, shift handovers: the list is long, and the stakes of missing something are high. Many teams still rely on handwritten notebooks, inconsistent formats, or after-the-fact recollections to document what happened on shift.

This occurrence log writing guide covers everything you need to know: what a security occurrence log is, what it should contain, and the best practices officers and managers should follow to keep records accurate, consistent, and useful.

The Daily Occurrence Book (DOB), also called a security occurrence log or shift log, is the standard tool for capturing this information. When used correctly, it creates a reliable, chronological record of everything that happens during an officer’s shift. It protects your team, supports investigations, demonstrates compliance, and keeps management informed.

---

What is a Security Occurrence Log?

A security occurrence log is a chronological record of events, incidents, and activities that take place during a security officer’s shift. It captures everything from routine patrols and access control checks to accidents, suspicious behaviour, and emergency responses.

In physical security, this is most commonly known as a Daily Occurrence Book (DOB), though the format may vary depending on the organisation, sector, or software platform in use.

The log serves multiple purposes:

• It creates an audit trail for incidents and investigations
• It supports shift handovers by giving incoming officers an accurate picture of what happened
• It documents compliance with patrol and inspection schedules
• It provides evidence in the event of disputes, insurance claims, or legal proceedings
• It helps management identify patterns and address recurring issues

To find out more, read our Guide to Daily Occurrence Log for Security & Facilities Teams.

---

What Should a Security Occurrence Log Include?

Every entry in a security occurrence log should capture the following information as a minimum:

• Date and time: Record exactly when the event occurred, not when you wrote it up.
• Location: Be specific. “Main entrance” is better than “front of building”.
• Nature of the event: What happened? A brief, factual description.
• People involved: Names, roles, or descriptions of individuals involved or witnessed.
• Actions taken: What did the officer do in response? Who was notified?
• Outcome: How was the situation resolved, or what is the current status?
• Reporting officer: Full name and badge/ID number of the officer making the entry.

For more significant incidents, the log entry should also reference any associated incident reports, CCTV footage, witness statements, or other evidence.

---

10 Best Practices for Writing a Security Occurrence Log

1. Write entries promptly

The most important rule is timeliness. Log events as soon as possible after they occur, ideally in real time or immediately after the situation is under control. Memory fades quickly, and delayed entries risk missing key details or introducing inaccuracies.

If circumstances prevent immediate logging (for example, during an ongoing incident), note the actual time of the event and the time the entry was made.

2. Use objective, factual language

A security occurrence log is a factual record, not a personal account. Write in plain, neutral language and avoid subjective judgments, assumptions, or emotive descriptions.

Instead of: “The individual seemed drunk and aggressive.”

Write: “The individual was unsteady on their feet, raised their voice, and made verbal threats towards staff.”

Stick to what you observed, heard, or were told. If something is unconfirmed, say so.

3. Be specific and detailed

Vague entries are difficult to act on and can create problems during investigations. Include specific times, locations, names, descriptions, and actions rather than general summaries.

• Bad: “Checked the building.”
• Better: “Completed patrol of floors 1–4 and car park level B. No issues found. 02:15–02:45.”

4. Use a consistent format

Inconsistent logging makes it hard to compare entries, identify patterns, or conduct audits. Whether you’re using a paper book or a digital platform, all officers should follow the same structure, terminology, and level of detail for every entry.

This is particularly important across multi-officer or multi-site operations, where different individuals need to interpret each other’s records.

5. Log routine activities, not just incidents

A common mistake is treating the occurrence log as an incident report only. In practice, routine activities (patrols, access control checks, shift handovers, equipment inspections, visitor sign-ins) should all be logged.

This creates a complete picture of the shift and makes it easier to spot when something was missed or out of the ordinary.

6. Maintain confidentiality

Security occurrence logs often contain sensitive personal data, including names, descriptions, medical information, or details of criminal activity. Officers must handle this information carefully and in line with data protection legislation, including UK GDPR.

Access to the log should be restricted to authorised personnel only. Digital platforms should use role-based access controls to ensure entries are only visible to those who need them.

7. Attach supporting evidence where possible

Where relevant, link or reference supporting materials in the log entry: CCTV timestamps, photographs, incident report numbers, or witness statements. This strengthens the audit trail and makes it significantly easier to reconstruct events during a review or investigation.

8. Ensure legibility

A log entry that can’t be read is worthless. If you’re using a paper DOB, write clearly. If you’re using a digital platform, take care with spelling and formatting.

Digital occurrence log software removes many of the legibility issues associated with paper-based systems, and makes entries searchable, filterable, and easier to share.

9. Review entries regularly

The occurrence log is not just a record: it’s a management tool. Security managers should review entries regularly to identify patterns, follow up on unresolved issues, and check that officers are logging consistently.

Regular reviews also help surface recurring problems, such as a persistent fault in a particular area or a pattern of behaviour from a specific individual, that might otherwise go unnoticed.

10. Train all staff on correct logging practice

Even the best logging system fails if officers don’t use it correctly. All security staff should receive training on what to log, how to write entries, and why the DOB matters, both for the organisation and for their own protection.

Training should cover confidentiality obligations, data protection requirements, and the importance of timeliness and accuracy.

For more information, read our Guide on The Digital Daily Occurrence Book Best Practice

---

Paper DOB vs Digital Occurrence Log: What’s the Difference?

Many security teams still use paper-based Daily Occurrence Books. While these are better than nothing, they come with significant limitations:

• Entries can be lost, damaged, or altered
• Handwriting may be illegible
• Searching for a specific entry is time-consuming
• Sharing records across sites or with management requires physical access or scanning
• There is no automatic timestamp or audit trail

Digital occurrence log platforms address all of these issues. They allow officers to log entries in real time from a mobile device, automatically timestamp every record, and make entries instantly searchable and shareable with authorised personnel.

For multi-site operations, a digital DOB also enables managers to view activity across all locations from a single dashboard, something no paper system can offer.

---

Common Mistakes to Avoid

• Logging after the fact: Delayed entries are less accurate and harder to defend under scrutiny.
• Using vague language: Entries like “patrol completed” with no further detail are not useful records.
• Recording opinions rather than facts: If it’s not observed, don’t write it as fact.
• Skipping routine entries: Gaps in the log are as suspicious as gaps in patrol coverage.
• Treating the DOB as a formality: The log only has value if it’s accurate, complete, and reviewed.

---

Summary

A well-maintained security occurrence log is a cornerstone of professional security operations. It provides accountability, supports investigations, demonstrates compliance, and gives management the information they need to make good decisions.

The best occurrence logs are written promptly, in plain factual language, with consistent formatting and sufficient detail. They cover routine activities as well as incidents, are kept confidential, and are reviewed regularly by supervisors.

Whether your team uses a paper DOB or a digital platform, the principles of how to write a security occurrence log remain the same. Build the habit of accurate, timely logging, and make sure every officer knows why it matters.

• Audits, Checks & Inspections
• Building Resilience
• Case Management
• commercial real estate
• Critical event management
• Daily Occurrence Book
• Data Analysis & Reporting
• Evidence & Investigations
• Health & Safety Management
• Incident Management
• Infrastructure
• Mass Notification
• Patrol Management
• postroom management
• Security & FM Providers
• Tasks & Procedures
• Threat Intelligence