Principles of Incident Management

The IMP should be designed to follow some simple principles in order to be most effective. The plan should reflect the nature of the business in which the company operates and the risks associated with those activities. The plan should also reflect the challenges and nuances different socioeconomic, climatic, and topographical operating environments may bring, as well as the nature, composition, and spectrum of the user audience and supporting groups—meeting the needs of different levels of management and expertise. The plan should be generic enough to ensure consistency of application, but be tailored sufficiently to meet local needs. It should be designed and developed with as much input and buyin from stakeholders as possible and appropriate, and tested and proven through training and exercises. The IMP is a guideline, and flexibility should be built in and acknowledged to meet unique or new challenges. The IMP should also be correctly resourced and kept live and applicable through scheduled and eventdriven reviews and training exercises. In tactical terms, the following principles should be adopted by IMP users:

§  Always gather accurate facts; never pass on rumor or speculation.
§  Send information quickly and accurately, with regular updates.
§  Use the templates provided; however, adapt and enhance as required.
§  Taking decisive action is often better than delaying a response.
§  Supporting organizations should be notified early to ensure support.
§  Only appropriate persons should represent the company.
§  Information chains and authority parameters should be clear and understood.
§  Sensitive information should flow only to appropriate managers.
§  Primary as well as peripheral or secondary risks and impacts should be identified.
§  Gaps should be identified quickly for resolution.
§  Training and education are important to enable effective implementation.

Incident Management Plan Risk or Threat Overview
It is useful to provide, either within the IMP or as part of a separate threat section (or Risk Registry) within a Business Continuity Management Plan, an introduction to the nature and implications of the threats the IMP has been designed to manage. This section places the response plan in context and should be developed to meet a wide audience's level of expertise. Simple, clear, and focused language should be used to bring an appropriate level of understanding to the threat nature so that the first responder or incident manager understands what questions to ask, how best to utilize the response guidelines, and what impacts may result from a possible threat. This element can be considered an educational or advisory aspect of the IMP; however, it is not intended as a complete review of each risk nature but purely as a usable insight to provide a foundation of understanding. As a risk or threat overview, it provides direction to the design and development of the IMP, as well as educating users in the nature of the problems they may face, and thus places their responses into an understandable context.

Objectives of the Incident Management Plan
The IMP is intended to meet immediate response needs, often undertaken by managers or personnel who may have little or no training within the field of security or crisis response. The IMP will typically go through a transition of management during the course of a crisis event, as more experienced expertise is mobilized to deal with the immediate, interim, and longterm requirements of an event. The IMP provides definition to an organization through guidelines and templates for the successful management of incidents, helping companies respond in a more organized and professional manner to manage the tactical aspects of the crisis event more effectively. Simplistically, crisis management meets the strategic aspects of managing a crisis event and the two areas should be self supporting and operate in unison.
The IMP can be designed to meet both domestic and foreign activities, supporting responses to both mundane and unique crisis events. The mandate of the IMP should include all incidents that constitute a significant threat to the life, health, or liberty of employees of the company, or those situations that might damage or undermine the image or reputation of the company, its physical assets, or its operations. The IMP might be developed for companies that are exposed to risks such as:

§  Medical risks in regions where medical infrastructures are poor or remote.
§  Areas subject to natural disasters such as floods, fires, earthquakes, or disease.
§  Political risks in areas subject to unstable rule of law and political tensions.
§  Regions with especially high levels of organized or opportunistic crime.
§  Countries that have active insurgent, activist, and terrorist groups in operation.
§  Companies whose activities might be subject to unwanted media attention.
§  Industries that might be exposed to highprofile or spectacular risk impacts.
§  Companies that might be subject to extortion, threats, sabotage, or kidnappings.
§  Companies with highvalue materials, technologies, brands, or assets.
§  Companies whose operations might be vulnerable to industrial or environmental accident risks.
§  Companies whose operations are in remote and inaccessible regions with poor transportation networks.
The IMP defines appropriate and sanctioned response guidelines and information requirements to guide personnel through the first stages of a crisis. Some of the following objectives should be considered central to the design of an IMP:

§  Mobilizing the right organic and external resources quickly and effectively.
§  Collating and gathering accurate and detailed information.
§  Ensuring accurate information flow occurs in a timely and focused manner.
§  Coordinating response activities during the first stages of a crisis.
§  Preventing the crisis from expanding or reoccurring.
§  Representing the company and its interests professionally.
§  Reducing the likelihood of physical and psychological harm to personnel.
§  Reducing the likelihood of damage to facilities, assets, or materials.
§  Supporting the restoration of business activities as quickly as possible.
Incident management plans can be considered one element of a company's risk insulation policy. If risk management is considered in terms of the insulating layers surrounding a live wire (the program or business activity), each layer of mitigation or management affords an additional level of protection against disruptive or harmful influences—thus making a risk pass through several layers of protection or defense prior to being able to cause harm

Incident Management versus Crisis Response

While a subjective definition, it is useful for companies to develop a concept of what they consider incident management versus crisis management. Typically, the crisis management teams have primary responsibility for strategic and complex risk issues, such as political, business, and wide ranging security risks, which can include actual or threats of kidnapping, extortion, bombing or other sabotage, illegal detention, and any conflict with the host government or authorities. The corporate team will also be primarily responsible for implementing complex or significant crisis response plans, such as major evacuations, disaster response measures, or repatriations of fatalities. Corporate management will be focused on considering events, risk levels, and operating constraints that might affect the overall company's ability to engage in or continue with operations in a country, or impact the company's reputation and brand image. Crisis management is therefore more strategic, holistic, and far‐reaching, supporting the response to the actual event, but also dealing with resulting and peripheral risks and requirements outside of the crisis event.

Incident management teams generally have primary responsibility for responding to security risks involving normal operational activities dealing with industrial accidents, organized and opportunistic crime, insurgency and terrorism, as well as natural disasters and other hazards. Incident management teams may take primacy of control for immediate crisis response (typically directed through such tools as the IMP) or urgent crisis response requirements, such as short‐notice evacuations. Incident management is therefore more tactical and granular, dealing with the immediate crisis event in order to bring about control and resolution—as well as supporting the broader crisis response requirements.

Often aspects of the two areas overlap or converge, and components of different incident and crisis teams may find themselves duplicating functions or transitioning responsibilities between the two levels as the event matures. It is useful for companies to organize their crisis response measures so that one group is focused on dealing with the actual event, and a second group is focused on supporting the first while also dealing with issues that would otherwise distract, or occupy the time of, those dealing with the actual emergency situation.

Popular Posts