• Home
• > About Us
• > Incident Management

Incident Management

Responding to the Situation

What happens when something disrupts your normal course of business? If you have Business Continuity Plans you may think you're prepared. But plans alone may not equip your organization to manage a disruptive incident.

---

What is Incident Management?

Many organizations have Crisis Management teams and plans in place to manage disruptive events. Most of those plans focus on how the organization will deal with the "image" and outbound communication issues that arise following a disaster, disruption or other crisis. Dealing with the media, customers, investors, employees and the public is vitally important. But that's only one part of the demand your organization will face when a disruptive event occurs.

No matter how or why your business is disrupted - weather, accident, IT outage, or a man-made incident, it will take time, resources and most importantly, information to restore your operations back to business-as-usual. Keeping the recovery time as short as possible will be your first objective. But what will it take to achieve that goal?

Traditionally, Incident Management has followed the command, control and communication model:

• Who is in charge?
• How will your response activities be controlled?
• How will status, issues and commands be communicated among the teams responding to the incident?

Over time, organizations have learned that truly effective Incident Management also requires decision support, collaboration, situational awareness and an underlying foundation of actionable plans that support the ability to take decisive action.

---

Asset-centric Planning

Just having plans doesn't assure you'll be Incident Ready, as the content of those plans may not help support Incident Management needs. What may happen to cause a disruption? You can't predict.

What will be the result of a disruption? People, facilities, technology, business processes, and suppliers (your assets) bear the impact of disruptions. Your plans must be focused on recovering those assets. Even if you have a "worst case scenario" plan, what if the worst case doesn't happen? Will the plan really be useful? Perhaps you have a hurricane plan; but what if the impact of the hurricane doesn't match the assumptions in your plan?

Aligning your plans with your critical assets will assure that you'll be able to take the right actions, for the right purposes, at the right time, no matter what happens.

---

Viable, Actionable Plans

When it comes time to execute a plan, will the Recovery Team really know what to do? Will they understand what their options are? What if someone else had to execute the plan for them (if they're injured, sick or unavailable), will anyone else understand what they need to do? Will Incident Managers be able to judge if the plan's execution is on target or behind schedule?

Viable, actionable plans:

• Can be implemented under any circumstances
• Have sufficient depth that they may be executed by whomever is available
• Promote good decision-making.
• Yield measurable results so Incident Managers can understand the "metrics" of incident status.

---

Decision Support Relies on Information

No Incident Management or Crisis Management team can make decisions or take effective action without the proper facts or information.

• What happened?
• What is impacted (not just directly, but also indirectly)?
• Which plans do we need to invoke, and when?
• Who is available to execute those plans?
• What resources do they need and where?
• Where are excess resources available?
• What progress is being made on executing plans?
• What roadblocks and hurdles stand in the way of recovery?

Those answers are virtually impossible to collect manually on a timely basis. Any worthy Incident Management system must be able to provide answers to these questions. Otherwise, valuable time will slip away during the frantic scramble for information to support good decision-making.

---

Collaboration is a Two Way Process

Depending on the scope of the incident, you may need to invoke 5, 10 even 100 plans or more. Without structured, two-way communication and cooperation among recovery and management teams, the sheer scope of activity can result in chaos.

• Plans can't be executed as if in a vacuum; Incident Managers need control of the sequencing of actions to efficiently control the use of vital resources
• Team leaders need to distribute tasks and assignments among team members - even when they can't meet face-to-face (or perhaps aren't in the same city, or even on the same continent)
• Recovery teams need to be kept abreast of the progress of other teams on whom they depend (e.g. a database recovery team must be informed when the server restoration team completes their tasks)

Relying on phone lines to relay information back and forth between Incident Managers and recovery teams is not always an efficient use of time or resources. And time is critical when you are faced with a crisis. Communication needs to be streamlined and dynamic, feeding information back and forth as tasks are completed.

---

Situational Awareness

When a crisis is in progress and the adrenaline is flowing, everyone becomes so tightly focused on their responsibilities that their perspective can become miopic. But losing perspective can be dangerous. No one operates in a vacuum. Maintaining awareness of the event changes going on outside the CommandCentre is critical.

Has the weather changed? What are the local authorities saying? What about the TV and Internet news outlets? What about your employees, their families and your neighbours?

Keeping abreast of the situation outside your CommandCentre doors will help Incident Managers make better decisions as the incident proceeds, and may be a key to resolving your incident quickly and successfully.

---

Monitoring Requires Total Visibility of the Recovery Process

Effective Incident Management requires the ability to synthesize vast amounts of constantly changing information into easily understandable formats. And it's vital that some of that information be "pushed" to third parties - those not directly involved in resolving or managing the incident - so they don't tie up your Incident Management team's time trying to "pull" information from them.

• How will the Incident Management team keep track of the status of all those simultaneously operating recovery plans?
• How will a Recovery Team get proper attention if they hit a road block in the execution of their plan?
• How will a division or department head know how his or her people (who may be spread across time zones or continents) are faring?
• How will business process owners know when the IT application they are dependent upon will be up and running?
• How will senior managers, board members and other interested constituents be kept informed of the progress of recovery?

If you can't efficiently track the progress of every moving part of the recovery process in real time, your progress will be impaired.

---

The Final Step in the Lifecycle

Many Business Continuity Management programs stop at plan testing. They assume that if they can test plans, they're prepared to execute plans.

Unfortunately, a plan exercise or test is always limited in scope and conducted under controlled circumstances. Why isn't Incident Management the final step in the circle of every organization's BCM lifecycle list?

If the purpose of Business Continuity Planning is preparedness, then Incident Management should be the goal of Business Continuity Management. If your plans aren't viable and actionable, if you're not prepared to provide the decision support, collaboration, situational awareness and two-way communication needs of effective Incident Management, your efforts may have all been wasted.

---

Intelligent Incident Response

When the day-to-day operations of your business or operations are disrupted, will you have the tools, information and capabilities to resolve it efficiently and effectively? You must be able to deploy more than the traditional "command, control and communications" edicts. The key to Intelligent Incident Response is understanding the assets or systems affected, not simply invoking a plan that affects all assets. Without sufficient information for intelligent decision-support, your response may waste valuable time and resources.

The unexpected always happens. Your Incident Management system must provide your Incident Managers with the tools they need for success:

• business intelligence for decision support,
• information for situational awareness,
• two-way collaboration with responders and managers,
• the ability to push information to other involved parties,
• monitoring capability to monitor the status of dozens or hundreds of plans in progress,
• an underlying catalogue of viable, actionable and tested plans that can be strategically implemented to achieve short and long term recovery goals

Today's organizations are too complex for traditional approaches. Long gone are the days where a 500-page three-ring binder can effectively navigate your business out of a disruptive incident.