When it comes to incident management, the best defense is a good offense. In order to reduce mitigation and risk, a well-structured incident management plan should be prepared. According to Hannah Snyder, in the article, “The 6 Stages of effective incident management,” there are 6 phases to remember when constructing your pre-incident plan: mitigate risk, prepare, respond, resolve, recover and resume. Snyder explains how to prepare your business for the inevitable and, ultimately, how to mitigate risk.
1. Mitigate risk
First, let’s outline the differences between incident and crisis management vs. business continuity planning.
- Incident management and crisis management: identifying and documenting all hazards that can potentially post a threat to employee life, safety and property.
- Business continuity management: identifying and documenting all hazards that could negatively affect business operations.
Second, in order to reduce the chances of an incident taking place, one must address the various ways to decrease the likelihood or occurrences of such events. Not all risk events can be eliminated or reduced, but an effective incident management plan should be able to, at minimum, provide an outline of how to proceed pre and post incident.
As previously stated, not all events can be identified and properly prepared for.
Take natural disasters as an example. While businesses can identify natural disaster risks or patterns (e.g. flood zones, land/mud slides, earthquakes, hurricanes, and tornadoes), they can’t predict the magnitude, size or frequency. The best way for a business to be well prepared is create an Incident Management Plan (IMP), which details how a business will respond to events, and how often to exercise the plan.
When an incident occurs, the first priority should be to immediately respond to the situation, stabilize and reduce further risk and damage. An Incident Management Response Team (IMRT) should be formed and they are responsible for addressing and managing the event post-incident. Your IMP will outline a step-by-step process of how to proceed in certain events.
After you’ve responded to a situation, in order to recover, stakeholders have to decide the best course of action towards recovery. After the incident has been stabilized, a damage assessment should be performed in order to properly document onsite loss and damages for insurance claims. If systems are down, a reliable communications method should be used in order to keep key members abreast of status updates and progress.
Business continuity plans are leveraged and implemented during the recovery phase. They outline the essential parties needed in order to update the status to “business as usual.” Depending on the event, employees should be physically and psychologically well before returning to work; and, in most cases, business critical operations will be the first to return.
- IT operations
- Human Resources
- Executive Management
There’s one last step before you can fully resume business as usual status. A comprehensive analysis should occur. In the analysis, it should highlight what worked and what didn’t, how to prevent a similar event from happening, identify best practices and how to incorporate them for future use.
When creating your IMP, remember to address all 6 phases of effective incident management. Make sure to distribute your plan to key stakeholders and practice implementing the appropriate procedures. In order to mitigate risk, one must identify all potential hazards to your business and employees, and reduce the chances of an incident from ever occurring.
Do you currently use an Incident Command System or have an Incident Management Plan in place? Please share how it helped your business mitigate risk, below.