If you decide to use a questionnaire as part of a post incident review, a list of
questions relevant to the security incident is sent to a user-defined list of users, and their
responses are automatically formatted into a post incident report.
While an initial list of questions is provided with the base system, they are customizable. You
can create new categories and add new questions to them, or you can change individual questions
within existing categories. You can also define when certain questions should be asked. There
may be questions you ask only for your Unix servers for example, or only when there is criminal
activity. You can define questions that are asked depending on the answer to another question or
on the value in a field on the form. There can even be questions that are filled in entirely by
querying the ServiceNow database.