POST-EVENT AFTER-ACTION REPORT

[EVENT / OPERATION NAME - AFTER-ACTION TITLE]

Retrospective, evidence-based evaluation of a completed protective operation or protected event: what was planned, what actually happened, what to sustain, what to improve, the root cause of material deficiencies, and the corrective actions. Center of gravity: reconstruct the operation against its plan-of-record and convert observed performance into actionable lessons. It is a planned-event after-action review. It does NOT: cover a crisis/emergency activation or serious incident after-action (Post-Crisis After-Action Report); produce a forward-looking pre-event threat or risk assessment (Event Threat & Risk Assessment / Venue Security Survey / Protective Advance Survey & Recce Report); or conduct a forensic incident/criminal investigation (→ dedicated investigation; this report evaluates the operation, it does not adjudicate fault for disciplinary or legal liability). It assesses systems, decisions, and procedures - not individual blame.


Document Control

FieldEntry
Report Reference[REF-YYYY-###]
Date of Report[ ]
Classification / Handling[e.g., CONFIDENTIAL // CLIENT EYES ONLY]
Client / Sponsor[ ]
Requesting Party[ ]
Event / Operation[ ]
Event Date(s) & Location(s)[ ]
Reporting Period (after-action window)[ ]
Prepared By[ ]
Reviewed By[ ]
Approving Officer[ ]
Version[ ]
Distribution[ ]

State classification/TLP marking. Note that this is an internal evaluative after-action product that may contain candid performance assessment and personal data (from logs, footage, interviews) - handle under data-protection law (GDPR/CCPA as applicable) and the client’s retention policy. Where the event involved an incident that may lead to litigation or a claim, flag potential work-product / privilege and route preparation through counsel and any litigation-hold. Frame all performance findings as non-disciplinary, systems-focused (assess decisions and procedures, not individual fault); any HR/disciplinary or criminal process is separate and governed elsewhere. Reconstruction relies only on lawfully held records and consenting interviews.

Operation Snapshot

One-glance card: the operation, its protective objective, headline after-action outcome, count of incidents/deviations by severity, and the single highest-priority corrective action - all [ ] placeholders, no findings.

FieldEntry
Protected Principal(s) / Asset[ ]
Protective Objective[e.g., the stated end-state the operation existed to achieve]
Headline After-Action Outcome[e.g., objective met / met-with-exceptions / not met]
Incidents & Deviations[ ] (Critical [ ] / High [ ] / Elevated [ ] / Moderate [ ] / Low [ ])
Highest-Priority Corrective Action[ ]
Overall Analytic Confidence[e.g., HIGH / MODERATE / LOW]

Table of Contents

Numbered to the sections below; page numbers populate on export to Word/PDF.

  1. BLUF
  2. Executive Summary
  3. Key Judgments
  4. Priority Intelligence Requirements (PIRs) - Reconstruction
  5. Event Overview & Operating Parameters
  6. Objectives & Plan-of-Record
  7. Timeline / Reconstructed Sequence of Events
  8. Execution Assessment by Function
  9. Incidents & Deviations Register
  10. Sustainments (What Worked)
  11. Deficiencies & Gaps (What to Improve)
  12. Root-Cause Analysis
  13. Verified Reconstruction Summary
  14. Red Flag / Systemic-Risk Indicators
  15. Analysis of Competing Hypotheses (ACH)
  16. Key Assumptions Check (KAC)
  17. Reconstruction Gaps & RFIs
  18. Lessons Learned & Recommendations (Corrective-Action Plan)
  19. Annex A - Sources & Methodology
  20. Appendices

1. BLUF

2–3 sentences, most important after-action finding first: whether the protective objective was met, the most consequential deficiency observed, and the single highest-priority corrective action. No new analysis below it.

[ ]

2. Executive Summary

The purpose of the after-action review and its scope; a concise narrative of the operation’s outcome - what went well at altitude, the material deficiencies, and the corrective direction - deferring detail to the body.

[ ]

3. Key Judgments

The 3–6 load-bearing after-action judgments. Frame each as an assessment of whether an observed strength/deficiency is systemic and its likelihood of recurrence absent action. Likelihood (of recurrence) and Analytic Confidence (in the evidence base) are SEPARATE columns - never combined (ICD 203). Each carries a change indicator.

#Key JudgmentLikelihood (recurrence absent action)Analytic ConfidenceChange Indicator (what would shift this)
KJ-1[ ][e.g., likely / probable (55–80%)][e.g., MODERATE][ ]
KJ-2[ ][ ][ ][ ]
KJ-3[ ][ ][ ][ ]
KJ-4[ ][ ][ ][ ]

4. Priority Intelligence Requirements (PIRs) - Reconstruction

The questions the after-action review must answer to reconstruct and evaluate the operation, decomposed PIR → Indicator → source (logs, footage, comms records, interviews). Each PIR carries an answer/evidence/confidence row plus the summary matrix.

  • PIR-1: [e.g., What was the actual sequence and timing of the principal’s movements versus the planned schedule?]
    • Indicators / source records: [ ]
    • Answer / Evidence: [ ]
    • Analytic Confidence: [ ]
  • PIR-2: [ ]
  • PIR-3: [ ]
PIRStatus (answered / partial / open)Key EvidenceConfidenceResidual Gap → RFI
PIR-1[ ][ ][ ][ ]
PIR-2[ ][ ][ ][ ]
PIR-3[ ][ ][ ][ ]

5. Event Overview & Operating Parameters

Describe the event/operation as executed: nature and scale, location(s) and venue posture, principal(s) and party, dates/duration, threat context in effect, force/asset composition, and the partner agencies/vendors involved. The factual baseline the evaluation rests on.

ParameterDetail
Event Type / Scale[ ]
Location(s) / Venue Posture[ ]
Principal(s) / Protected Party[ ]
Threat Context in Effect[ ]
Force / Asset Composition[ ]
Partners / Vendors / Liaison[ ]

6. Objectives & Plan-of-Record

State the operation’s protective objectives and the plan as approved (the baseline against which execution is measured): concept of operations, key control measures, contingency triggers, and success criteria. Deviations in §9 are measured against this.

Planned ElementPlan-of-RecordSuccess Criterion
[e.g., concept of operations][ ][ ]
[e.g., movement/route plan][ ][ ]
[e.g., contingency triggers][ ][ ]

7. Timeline / Reconstructed Sequence of Events

Reconstruct the operation chronologically from graded source records: each key event, the time, what occurred, and the source basis (with reliability grade). Mark deviations from the plan and decision points. This is the spine the function-by-function assessment references.

TimeEvent / ActionPlanned vs ActualSource Basis (grade)Note / Deviation Ref
[ ][ ][e.g., on-plan / deviation][ ][ ]
[ ][ ][ ][ ][ ]

8. Execution Assessment by Function

Evaluate each protective function against its plan: what was planned, what happened, and the assessment (effective / effective-with-exceptions / deficient). Cover the standard functions - adjust to the operation. Cross-reference incidents to §9 and deficiencies to §11.

FunctionPlannedActualAssessmentCross-Ref (§9 / §11)
Advance & Site Preparation[ ][ ][ ][ ]
Access Control & Screening[ ][ ][ ][ ]
Close Protection / Detail[ ][ ][ ][ ]
Movement & Transport[ ][ ][ ][ ]
Communications & Coordination[ ][ ][ ][ ]
Medical & Emergency Readiness[ ][ ][ ][ ]
Contingency / Incident Response[ ][ ][ ][ ]
Liaison (LE / venue / partners)[ ][ ][ ][ ]

9. Incidents & Deviations Register

Log every incident, near-miss, and deviation from the plan. Score each on Likelihood (of recurrence absent action) × Impact (consequence had it / did it fully materialize), and rate severity. Score cells are EMPTY placeholders - this is a blank form. Use the verbatim risk-scoring key in Annex A.

IDIncident / DeviationFunction (§8)Likelihood (1–5)Impact (1–5)Score (1–25)Severity BandImmediate Action Taken
I-1[ ][ ][ ][ ][ ][ ][ ]
I-2[ ][ ][ ][ ][ ][ ][ ]
I-3[ ][ ][ ][ ][ ][ ][ ]

10. Sustainments (What Worked)

Document the practices, decisions, and capabilities that performed well and should be retained/codified. Each entry: what worked, why (the enabling factor), and how to institutionalize it.

#SustainmentEnabling FactorHow to Institutionalize
S-1[ ][ ][ ]
S-2[ ][ ][ ]

11. Deficiencies & Gaps (What to Improve)

Document each material deficiency or capability gap observed. Each entry: the deficiency, its observed/potential consequence, and the function affected. Root cause is developed in §12; corrective action in §18.

#Deficiency / GapObserved / Potential ConsequenceFunction Affected→ Root Cause (§12)
D-1[ ][ ][ ][ ]
D-2[ ][ ][ ][ ]

12. Root-Cause Analysis

For each material deficiency, drive past the symptom to the root cause (e.g., people / process / equipment / information / coordination / external). State the analytic basis and confidence; avoid attributing systemic failures to individual error where a process gap is the true cause.

Deficiency (§11)SymptomRoot Cause (category + statement)BasisConfidence
[ ][ ][ ][ ][ ]

13. Verified Reconstruction Summary

Roll up the key reconstructed facts with a verification status (verified by multi-source/footage/log / unverified / contradicted), source grade, confidence, and materiality to the evaluation. Distinguish established fact from inference.

Reconstructed FactStatus (verified / unverified / contradicted)Source GradeConfidenceMateriality
[ ][ ][ ][ ][ ]

14. Red Flag / Systemic-Risk Indicators

Indicators that a deficiency is systemic rather than one-off, or that risk is trending (e.g., a recurring deviation, a control that failed silently, a near-miss masked by luck). Provide the flag table, type definitions, and a severity rollup.

FlagTypeBasis (cross-ref §)Severity
[ ][ ][ ][ ]

Indicator-type definitions: [e.g., define each flag type used above].

15. Analysis of Competing Hypotheses (ACH)

Apply ACH to a contested root cause or a disputed account of a key incident (e.g., “the access-control lapse at [time] resulted from H1 staffing / H2 procedure / H3 equipment”). Weigh the evidence for/against each hypothesis and identify the most diagnostic evidence.

Evidence / IndicatorH1: [ ]H2: [ ]H3: [ ]
[ ][e.g., consistent / inconsistent / N/A][ ][ ]
[ ][ ][ ][ ]

Most diagnostic evidence: [ ]. Hypothesis assessment: [ ].

16. Key Assumptions Check (KAC)

Surface the assumptions underpinning the reconstruction and evaluation (completeness of records, reliability of recollection, representativeness of this event, that the plan-of-record was the actual approved baseline). For each: basis, confidence, and impact if wrong.

AssumptionBasisConfidenceImpact if Wrong
[ ][ ][ ][ ]

17. Reconstruction Gaps & RFIs

Where the after-action picture is incomplete (missing footage, un-interviewed personnel, gaps in comms logs). State the gap, its impact on the evaluation, the recommended collection, and priority.

GapImpact on EvaluationRecommended CollectionPriority
[ ][ ][ ][ ]

18. Lessons Learned & Recommendations (Corrective-Action Plan)

Convert deficiencies and root causes into prioritized corrective actions and codify sustainments. Each item: the lesson, the corrective action, the named owner, target date, and how completion is verified. This is the operational output of the report.

PriorityLesson LearnedCorrective ActionOwnerTarget DateVerification of Closure
[ ][ ][ ][ ][ ][ ]

Recommendations are advisory; implementation and any policy/training change route through the client’s accountable owner.


Annex A - Sources & Methodology

State the after-action methodology (records reviewed, interviews conducted under consent, the evidence-grading approach); the source register graded with the Admiralty two-axis code; and the explicit likelihood-vs-confidence separation statement. Reproduce the reference scales below verbatim.

Reconstruction methodology: [Describe the records and interviews used, the reconstruction and verification standard, the non-disciplinary/systems-focused framing, and the data-protection handling.]

Source register (graded):

#Source / RecordTypeDateReliability (A–F)Credibility (1–6)Notes
[ ][ ][ ][ ][ ][ ][ ]

Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.

Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum carries a two-character grade, e.g., B2.)

Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%).

Analytic confidence (evidence base, separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single / uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.

Risk scoring: Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Identity-resolution confidence: Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated - disambiguation is explicit, never assumed.

Appendices

Attach: B - Personnel & Role Index (roles, not blame); C - Full Source/Record Register; D - Evidence Archive & chain-of-custody pointer (logs / footage / comms records held lawfully); E - Plan-of-Record Reference; F - Glossary; G - Revision History.

  • Appendix B - Personnel & Role Index: [ ]
  • Appendix C - Full Source / Record Register: [ ]
  • Appendix D - Evidence Archive & Chain-of-Custody Pointer: [ ]
  • Appendix E - Plan-of-Record Reference: [ ]
  • Appendix F - Glossary: [ ]
  • Appendix G - Revision History: [ ]

Verification disclaimer: this after-action report reconstructs the operation from lawfully held records and consenting interviews available within the reporting window; it evaluates systems, decisions, and procedures and is not a determination of individual fault, disciplinary liability, or legal causation. Findings are advisory.

Document Control (footer): [REF-YYYY-###] · Version [ ] · Classification [ ] · Prepared [ ] · Reviewed [ ] · Approved [ ]

END OF REPORT

Model wiring

Generated from cell frontmatter at publish time.