Incident Management 101 – Assessment

This is the first in a series of articles highlighting the critical components of Incident Management.  Every Business Continuity Management program ought to understand the requirements for effective Incident Management, and do the planning needed to assure their organization can respond to any disruption.

When an “Incident” occurs, the only information that is immediately known is that some asset has been impacted or disrupted.  Whether it’s a damaged building, a corrupted IT application, transportation disruption, supplier failure or anything else, this information is the seed around which the Incident response is crafted.  As the incident unfolds over time, more and more assets might become impacted.

A single impacted asset can lead to other downstream dependent assets being impacted as well.  Understanding this casualty chain is critical to effective Incident response. Impaired access to your facility might impact your employees’ ability to work from their regular work-areas, which in turn might impact multiple business operations, which could lead to customer services being disrupted.

Impact Assessment

The first step in the Incident response process is the assessment of impacted assets. The first level assessment should be easy (what is directly impacted?).  But a full Impact Assessment needs to take into consideration the secondary impacts: identifying both upstream and downstream dependencies of those directly impacted assets – as well as the casualty chain. Once those impacted assets are catalogued, monitoring and periodic re-assessments of dependent assets must be implemented.
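The following sketch is an added example, not part of the original article or of any eBRP product. It walks a dependency map in both directions from the directly impacted assets and records the chain that leads to each secondary impact. The asset names and the `DEPENDS_ON` map are constructed for illustration.

```python
from collections import deque

# Constructed sample: each asset maps to the assets it depends on.
DEPENDS_ON = {
    "work-areas": ["facility-access"],
    "claims-processing": ["work-areas", "claims-app"],
    "payroll": ["work-areas", "hr-app"],
    "customer-service": ["claims-processing", "telephony"],
    "claims-app": ["datacenter-a"],
    "hr-app": ["datacenter-a"],
    "facility-access": ["building-power"],
}

def invert(depends_on):
    """Build the reverse map: asset -> assets that depend on it."""
    dependents = {}
    for asset, deps in depends_on.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(asset)
    return dependents

def walk(seeds, edges):
    """Breadth-first walk; returns {asset: chain from a seed to that asset}."""
    chains = {s: [s] for s in seeds}
    queue = deque(seeds)
    while queue:
        current = queue.popleft()
        for nxt in edges.get(current, []):
            if nxt not in chains:  # visited check also stops cycles
                chains[nxt] = chains[current] + [nxt]
                queue.append(nxt)
    return chains

def assess(directly_impacted, depends_on=DEPENDS_ON):
    """Return direct assets, downstream impacts with chains, upstream assets."""
    seeds = sorted(directly_impacted)
    downstream = walk(seeds, invert(depends_on))  # who relies on the seeds
    upstream = walk(seeds, depends_on)            # what the seeds rely on
    return {
        "direct": seeds,
        "downstream": {a: c for a, c in downstream.items() if a not in seeds},
        "upstream": sorted(a for a in upstream if a not in seeds),
    }

if __name__ == "__main__":
    report = assess({"facility-access"})
    for asset, chain in report["downstream"].items():
        print(f"{asset}: {' -> '.join(chain)}")
    print("upstream to monitor:", report["upstream"])
```

Re-running `assess` with an updated set of directly impacted assets gives the periodic re-assessment as the incident unfolds.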

Notifications

Begin notifications:

  • Notify all members of the Incident Management Team
  • Notify the Crisis Management (Public Information) Team
  • Notify & invoke the teams associated with the restoration of impacted assets/operations

These responder teams might be activated to respond to the Incident, or put on standby for later activation. Use of an Automatic Notification System will be greatly beneficial – enabling the use of multiple media (email, voice, SMS, etc.) to reach the responder teams. Most of these systems include a feature which can poll identified responder team members to catalogue their availability to participate in the restoration efforts.

Current Capabilities

Identify the current operational capabilities – based on the impacted assets.  Can the affected business functions be transferred to another site? Can the application be failed over to alternate infrastructure? Can the process improvement team be told to stay at home, so their work area can be temporarily assigned to a more critical operations group?  Can critical supplies be delivered by an alternate supplier?  The current capability assessment provides Incident Managers with critical information they need to help determine how to effectively respond.

Time-Sensitive Operations

Review the impacted – and non-impacted – business operations for time-sensitive or ‘peak period’ implications. Identify operations that are critical based on the month-of-the-year, week-of-the-month, day-of-the-week or time-of-day. Events such as financial year-end processing, a critical marketing campaign, the day-end cash settlement process or the launch of a much-publicized product or service, while not categorized as mission critical, might still require an immediate response and recovery.

Allocable Resources

Review the response plans (which are built on ideal conditions & assumptions) and catalogue the minimum resources required for effective restoration.  Identify the resources that are available at the time of the incident which the crisis managers would then allocate to restoring the critical business operations.  These resources may include personnel, work-areas (facilities), IT services, equipment and supplies. Also review available ‘surge’ capacity that could be commandeered as usable resources to aid in the restoration effort.  Examples of these ‘surge’ capacity resources could be unoccupied seats/work-areas in other facilities, skilled personnel who have not been factored into the planning process, or excess telephone ports that may be used for restoring customer support functions.

Conclusion

The Assessment phase identifies what is impacted and what resources are available to respond to the disruptive incident. Based upon this information, Incident Managers can craft a strategy to allocate the resources for execution of the critical business continuity plans.

Upcoming blogs will address the ‘how to’ of more aspects of the Incident Management process.

Ramesh Warrier

eBRP Founder and Chief Designer of eBRP Suite, Ramesh is a proponent of constant change, a visionary who believes that the practice of Business Continuity can deliver improved operational efficiency. Ramesh, B.Tech in Electrical Engineering, has nearly 30 years experience in Business & Technology roles. His thoughts are expressed in blogs, white-papers, frequent webcasts and speaking engagements at industry conferences.
