Why Incident Management Matters

Throughout its history, the Business Continuity industry has maintained a steady focus on Preparedness – understanding the organization’s most critical business functions (both technological and operational) and development of Plans to respond to any disruption of those critical functions. That makes sense.  How that can be accomplished has been refined and tweaked over time through various ‘standards’ and ‘best practices’. Those activities answer some basic questions:

  • What do we need to protect?
  • How will we prepare to respond to a disruption of those critical functions?

What has always been omitted in that analysis has been the third major question:

  • How will we manage that response?

If you ask 20 BCM practitioners that question you will get a wide variety of answers:

  • Our Crisis/Incident Management Team is responsible for managing it.
  • We have an ICS program in place and have trained our response teams to use it.
  • We’ve had disruptions before, so we know how to handle them.
  • We have an Incident/Crisis Management Plan that takes care of it.
  • Or, occasionally the question is met with a blank stare.

Most of those are very hopeful responses, but none of them actually answer the question. How will we manage the response?  Not who, but how.  When something disrupts your business (private or public) time is crucial.  To react quickly, analyze the situation, implement an effective response, deploy the resources required to implement that response, and monitor the progress of that response effort (and the issues that will inevitably arise) all require access to various forms of information. Will you have access to that information? Let me make an analogy.  Suppose you know you will need to get from Point A to Point B frequently.  You decide to buy an airplane.  I have one I’m willing to sell you. When you go to inspect it, here’s what you realize: there are no controls – no joystick, yoke, or rudder pedals – and no altimeter, compass, airspeed indicator or radio. Would you buy it?  Of course not – because you couldn’t manage it, monitor your progress or communicate from within it. That’s the same crucial defect in most Business Continuity Management programs:  no real capability to manage information or resources, no means to monitor the progress or needs of their response, and limited ability to communicate with responders and stakeholders. So why don’t most BCM programs have a real Incident Management capability?  Usually for one of two simple reasons:

  1. They’ve never had a disruption of any great magnitude, so they don’t know what to expect – or what they’ll need.
  2. They simply believe it will never happen to them, so they choose not to spend the time, money or other resources needed to develop that capability.

Here’s one last question:  why would you spend time, money and resources developing plans but not the capability to manage their response to a business disruption?  (You wouldn’t have bought that airplane from me, would you?)

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…