The problem

Every incident generates work that has nothing to do with security.

Reports to write. Classifications to apply. Notifications to send. Regulatory boxes to tick. Legacy platforms digitized that work — they didn't eliminate it.

Officers still carry the administrative tail from every event they respond to. That time comes from somewhere — and it comes from security.

Reports written twice

Officers narrate the event in the field, then re-enter it into a system. Same information, entered twice, in different formats.

Classification done manually

Someone has to decide what category an incident falls into, whether it's reportable, and who needs to know. That logic should run automatically.

Compliance compiled at year end

Required reports are assembled from operational data that was never structured to feed them. It takes weeks. It shouldn't take minutes.

How it works

One record. From first report to final disposition.

Step 1 — Capture

Structured intake. The officer fills in what matters.

Guided, incident-specific fields mean officers capture the right information the first time. No generic forms. No missing fields to chase down later. The record is complete before the officer leaves the scene.

Incident intake

INCIDENT TYPE

Robbery · Critical

LOCATION

Mac Lot M3 — Stewart

SOURCE

Camera alert

Regulatory reportable

Auto-flagged

Automatic routing

Classified as regulatory reportable

Supervisor notified automatically

Follow-up task created

ASR record updated

All automatic. No one had to remember.

Step 2 — Route

Classification and routing run on the rules you set — not on memory.

Incident type determines what happens next. Reportable events get flagged. Supervisors get notified. Tasks get created. The right people know — based on logic you defined once, not based on whether an officer remembered to call someone.

Step 3 — Notify

The right people know immediately.

Tiered notification logic means your chain of command gets informed based on incident severity and type — not because an officer remembered to make a call.

Step 4 — Close out

Regulatory obligations handled. Automatically.

Required reports aren't something you prepare. They're something Legio has been building all year from your operational data. Review, sign, submit.

What's included

Every capability your incident program needs.

Built for physical security operations — not adapted from a generic case management tool.

Book 30 minutes →

Structured intake

Guided forms for every incident type

Officers see only the fields relevant to the incident in front of them. Mobile-first. Incident-specific. Complete before they leave the scene.

Automatic classification

Reportable events flagged without manual review

Reportable incidents classified automatically. No supervisor manually reviewing every report to decide what needs to go where.

Notification routing

The right people notified. Every time.

Tiered notification rules route alerts to supervisors, leadership, and legal based on incident type and severity — configured once, runs automatically.

Narrative management

Every statement, note, and update in one record

Officer narratives, witness statements, supervisor notes, and follow-up actions all captured in a single chronological record tied to the incident.

Regulatory compliance

Compliance data built from operations, not assembled at year end

Every classified incident feeds the Annual Security Report automatically. The report is ready because the data was always structured to produce it.

Investigations

Incidents that need more get the structure to support it

When an incident requires follow-up investigation, the record is already built. Assign investigators, track tasks, log findings — all tied to the original event.

Audit trail

Every action logged. Nothing missing.

A complete, tamper-evident record of every change, notification, and action taken on every incident — always current, always ready.

The officer tells the story. Legio handles what follows.