Incident Response Structure
A comprehensive incident response structure that has been documented in detail is an organization’s foundational base for responding decisively to business disruptions or impacts on operations, regardless of their contributing risk factors. Such a response framework can be structurally segmented into three principal managerial dimensions for action:
- Strategic
- Tactical
- Operational
The effectiveness of any incident response structure can be gauged by the extent to which the specific concerns within the purview of each of these three dimensions have been addressed. Equally important is an emergency squad with clearly defined tasks, activities and processes that are to be deployed in response to an incident, be it during escalation or control.
For instance, during escalation, an issue is first addressed at the operational level before dealing with tactical concerns. Strategic implications of the issue are tackled in the final stage.
Planning Documentation for Business Continuity Management
The order is reversed while bringing a situation under control. Decisions are taken at the strategic level. They are then elaborated at the tactical level. Finally, the plan is executed at the operational level to bring the disruptive impact of the incident under control.
The approach adopted while designing an incident response structure can vary depending on the nature, scale and complexity of an organization’s business operations.
Such an approach – escalating information up the pyramid and pushing decisions down the pyramid – is especially beneficial during the emergency response and incident management stages of a business continuity plan.
Incident Management Plan
The incident management plan is an integral component of the business continuity plan (BCP). Nevertheless, it can also function as a standalone business continuity planning module. The uniqueness of some of its features distinguishes an incident management plan’s capabilities from conventional business continuity plans that tend to focus heavily on the tactical and operational dimensions of crisis planning.
This is because the scope of an incident management plan is primarily focused on the strategic dimension of business continuity planning. It provides the upper management with a blueprint for dealing with the strategic implications of a business disruption. The capabilities of such a response structure can also extend to incidents that do not necessarily fall within the purview of the business continuity plan, such as hostile takeovers or unfavorable publicity, which are not classified as business disruptions. On the other hand, situations such as a nationwide crisis or emergency that have an impact over a wider domain can also be dealt with effectively through incident management plans.
Handling media queries and concerns in the wake of an incident is by and large a strategic activity, although specific aspects can spill over into the tactical dimension.
Some organizations use the terms incident management plan and crisis management plan interchangeably, even while interacting with the press. But it should be noted that, even in generic terms, the implications of a crisis are a lot more severe than those of an incident. Hence, it is highly recommended that the communication an enterprise’s media spokesperson shares with the public be carefully worded in order to avoid misleading and inaccurate inferences about the situation.
Tactical Dimension
Any business continuity plan is predominantly built around the tactical dimension of managerial action. Focus areas include addressing:
- Disruptions
- Interruptions
- Losses incurred from the moment a response is triggered till the moment when business processes are restored
Different tasks and activities are executed in a coordinated manner to restore business. The availability of resources is also prioritized based on the criticality of processes and workflows.
Tactical response also has to do with managing plans that fall within the ambit of the operational dimension. Conflicting issues that might arise while simultaneously executing multiple operational level responses are resolved.
Tactical procedures often influence changes in the organization’s business continuity priorities and methodologies in order to adapt to seasonal conditions, prevailing market trends or even leadership initiatives.
If responding to the incident that has occurred is beyond the scope of the tactical level plan’s capabilities, then the organization’s leadership team steps in to address decision making tasks on key issues.
Operational Dimension
Operational level plans are mainly directed towards resuming business activity as quickly as possible and are spread across three distinct phases, namely:
- Initial response to an incident
- Recovery measures that undo the damage and impact caused
- Restoring operations to ‘business as usual’
Operational level plans are closely aligned with the organization’s resiliency targets and business continuity methodologies.
For business teams directly responsible for the enterprise’s infrastructural capabilities, operational level plans provide a framework for getting services up and running or making backup locations available from where other business units can be recovered. Plans at this level also focus on restoring second-in-line services such as human resources that can play a crucial role during business recovery by providing specialized inputs.
Sequence of execution
Strategic, tactical and operational responses need not necessarily be deployed simultaneously. The order in which different plans under the three managerial divisions are executed largely depends on the incident that has occurred. Response teams that function at the strategic level are the first to withdraw, followed by squads at the tactical level. Operational level teams continue to work till the incident has been brought to a complete close.
Procedural Framework
The enterprise’s response plans across the strategic, tactical and operational dimensions of managerial action are inherently generic and can be adapted to the type, magnitude and complexity of a company’s business processes. Nevertheless, other factors such as corporate hierarchy and organizational culture must also be taken into consideration. Some sample models have been described below:
Small Sized Companies with Single Location
All the plans across the strategic, tactical and operational levels can be deployed simultaneously to facilitate a consolidated response.
Medium Sized Enterprises
In medium sized companies, responses across the three managerial dimensions can be executed as follows:
- Strategic – an incident management plan that includes leadership guidance and intervention while responding to incidents
- Tactical – a consolidated plan that provides a pan organization business continuity solution and involves operational level teams as well.
- Operational – Only the Information and Communications Technology (ICT) segment is excluded owing to its complexity and extensive details. Recovering information and communications technology is a standalone component in the operational dimension that is executed by a specialized, technical squad.
Large Organizations
Large organizations can segregate incident response across the three managerial dimensions. Common attributes include:
- Strategic – Leadership teams are directly involved in incident management
- Tactical – Multiple business continuity plans provide a consolidated incident response plan portfolio that collectively covers all the organization’s products, services, solutions and facilities. Each plan is managed by a specialized response squad. Some roles and responsibilities extend into the operational dimension of business continuity planning
- Operational – Consists of area specific business continuity plans. The tasks and activities of auxiliary divisions such as ICT, Finance, Facilities and HR are handled by specialist squads
Multinational Corporations
In large multinationals with a global presence, response methodologies can be adapted as follows:
- Strategic – Leadership teams are directly involved in managing a generic incident management plan that is globally relevant. Territory wise incident management is also leveraged along with specialized response squads for each region
- Tactical – Multiple business continuity plans are leveraged to cover all major products, services, solutions and portfolios within a territory. Some roles and responsibilities extend into the operational dimension of business continuity planning
- Operational – Business continuity plans are segregated by business unit and include specialized response squads with plans that cater to specific segments of the organization’s operational framework. The tasks and activities of auxiliary divisions such as ICT, Finance, Facilities and HR are handled by specialist squads