Incident Management (some businesses also refer to this as emergency management) is the process of managing the immediate response to, and resolution of, an unexpected event that disrupts normal business operations.
Effective Incident Management is critical for minimising the impact of an incident on an organisation and its customers, and for restoring normal operations as quickly as possible.
The following are the four stages of Incident Management that businesses should be familiar with:
1 – Prevent
Obviously, in most cases we want to reduce risks and their impacts by preventing incidents entirely. The threat landscape is evolving so quickly that this can seem like an almost impossible task. But there are processes that can help. For example:
- Ensure you have a Risk Management Plan.
- Complete regular risk assessments with that plan.
- Implement controls that arise from the risk assessments.
- This also includes making sure you have emergency equipment installed and regularly maintained.
2 – Prepare
Preventing an incident is a good step, but as we know, events can and will happen, so preparation is now the second most important step.
This stage involves creating an Incident Management plan and identifying the resources that will be needed to respond to an incident. This includes creating an Incident Management team; identifying key personnel and their roles; establishing triggers, escalations and notification processes; establishing communication protocols; ensuring the logistics are in place to allow the team to respond effectively; and building the capability of the responding team members via training and exercising.
Commonwealth Bank of Australia, for example, is well regarded for creating and maintaining an Incident Management plan that includes designating specific employees as incident responders, and providing training on Incident Management procedures. They also conduct regular emergency drills and exercises to ensure that their incident management team is prepared to respond quickly and effectively in the event of an incident.
Preparing well enables you to identify and verify an incident, and determine its impact on your organisation.
What could cause an incident? What could be the extent of the damage and the resources that will be required to resolve it?
In late 2018, Australian National University was hit by a cyber attack. The incident management team quickly identified the cause of the incident as a phishing attack and verified the extent of the damage.
They also determined that research data may have been compromised, and immediately began implementing their Incident Management plan to contain the damage and prevent further breaches.
Despite data being compromised, the Incident Management team’s strong response and recovery can be credited to their ability to prepare.
3 – Respond
Although we always hope nothing eventuates, incidents can occur at any time, anywhere. Taking immediate action to contain the incident and prevent it from spreading or increasing in impact is now the focus.
This includes implementing temporary measures to limit the damage; taking measures to protect people; isolating affected areas, systems and networks; communicating with key stakeholders; and continuing operations.
4 – Recover
This stage involves restoring normal operations and returning the organisation to its pre-incident state (or business-as-usual). This includes restoring systems and networks, and providing support to impacted employees and customers.
Organisations are also encouraged to conduct debriefs to support those impacted, conduct post-incident reviews to determine continuous improvement measures, and restore equipment used during the incident.
In 2011, the Queensland floods affected several businesses' operations in the state, especially in the transportation and logistics sector. The incident response team quickly restored their services and provided support to impacted customers. They also implemented measures to prevent future flooding damage. An unorganised, unvalidated response plan would not have allowed this outcome to occur. But by following a similar four-step strategy, the two sectors were able to get on top of recovery faster than their standard SLAs.
Effective Incident Management is critical for minimising the impact of an incident on an organisation, and for restoring normal operations as quickly as possible. Businesses should be familiar with the four stages of Incident Management, and should have a plan in place to respond quickly and effectively in the event of an incident.