Incident Management Plan Alert States and Trigger Response Plans

It is important for incident managers to be provided with simple guidance as to how to sensibly and effectively escalate a risk management posture to reflect threat indicators, or increasing levels of threat. It is also important to define the difference between a problem and a crisis, so that managers do not ignore a real crisis event, or conversely do not mobilize resources that far exceed a requirement, as this will quickly fatigue the crisis management responses. Frequently the determination between a problem and a crisis is a subjective one; however, some simple guidelines will assist those less experienced in identifying and managing crisis events.

The Business Continuity Management Plan will typically contain detailed alert states and trigger plans to meet a range of possible crisis scenarios; however, a simplified version can be useful within the IMP itself. Threat levels are often the key indicators of alert states, but threat levels can be extremely volatile and do not necessarily reflect actual risks to personnel, facilities, resources, or activities. Assessing alert states in terms of the threat and vulnerability will provide a more tailored and local alert state. This should be a continuous process of assessing the risk environment in which the company is operating, at local, regional, and national levels—rather than being purely associated with IMP requirements. Sound judgment forms the basis of a decision; however, the development of agreed alert states provides a common vocabulary, context, and structure for assessing and reacting to the threats that confront the company's people or project. In essence, these alert states provide a simple and effective way of conveying the severity of a situation to local, national, and corporate management in order to facilitate their decision‐making process, as well as evidence and justify a response need. They also bring important consistency to the risk management approach. Alert states can also be used to trigger internal risk and security measures, increasing awareness, initiating contingency measures, and mobilizing resources to be positioned to enable the company to respond at appropriate levels to a particular need.

Alert states can be influenced by internal assessments, or may be influenced or guided by government, military, or civil assessments. There may be differences in what a government considers just reason to evacuate, and what commercial organizations see as the final trigger for a withdrawal. Businesses will bear the brunt of financial or project losses, whereas diplomatic warnings are more advisory and often not audience specific. Alert state risk assessments can also be tied directly to actions required and policies implemented. This will assist in a semi‐automated process following the risk assessment. Alert states may vary from negligible to low, medium, high, or extreme. In each instance, an explanation of what drives the classification should be provided to avoid personal perspective or ambiguity, as well as what actions are required in association with alert states to reflect a change to risk levels. Tables may be complex or simple, depending on the complexity of the company requirement—although the IMP version should be as clear and focused as possible to reflect the user audience's knowledge, capabilities, and experiences. Exhibit 2.16 illustrates a simple table that might be used to guide first responders and incident managers through a simple and directed decision‐making process connected to certain levels of risk probability. Numerical alerts can be used to guide managers to where they need to start taking action; alternatively, color coding is an option to making interpretation of risk levels easier for users.


Exhibit 1: Incident Management Plan Alert State Trigger Plan

Generic and macro‐level trigger natures are illustrated in Exhibit 1; however, more specific triggers or trip wires may be defined by companies so as to provide granular‐level guidance to staff. Organizations such as the U.S. Overseas Security Advisory Council (OSAC) advocate trip‐wire planning for commercial organizations operating abroad. The OSAC advocates determining points at which certain risks—principally natural disasters, civil disorder and political unrest, terrorism, health and environmental threats, infrastructure weakness, and other facility or employee concerns—mobilize an organization into predetermined response measures (OSAC, “Tripwire Approach to Emergency Planning,” May 11, 2008). Establishing trip wires or trigger points enables local managers, as well as corporate officers, to have clearly defined and unambiguous points at which decisions or actions are taken, whether they be major earthquakes, large‐scale riots, pandemic alerts, fuel shortages, or water contamination threats. These specific trigger points or trip wires can include:


  • Demonstrations that indicate growing social unrest, whether peaceful or violent in nature, especially if aimed at foreign workers, facilities, or other associated company activities.
  • The media, host nation government, religious groups or leadership, or militia leaders preaching or actively spreading inflammatory propaganda or directives that could adversely affect the company, its personnel, or its facilities.
  • A rapidly diminishing ability to gain accurate and timely information from local government organizations, foreign missions, and media agencies on local or regional events that could present threats to the company.
  • Increasing levels of opportunistic criminal activity, especially if directed at specific ethnic or religious groups, genders, or business activities, locations, or facilities.
  • Focused attention by organized crime on the company and its employees, activities, or facilities, or unwanted attention toward associated or similar commercial groups.
  • Rising levels of insurgent, terrorist, or activist targeting, especially if directed toward the company or toward associated or parallel groups.

  • Host nation, embassy, media, or other public announcements indicating an increase in specific threat types or pending crisis events.
  • Sustained disruptions to basic infrastructure or utilities preventing the supply of clean water, gas, electricity, food, fuel, or other life‐support essentials.
  • Reliable reports of an imminent natural disaster—hurricane, typhoon, tsunami, wildfire, volcanic eruption, or flooding.
  • Reports of a pending or occurring industrial or environmental disaster that could present toxic or physical hazards to personnel, as well as contaminate facilities, food or water supplies, or critical materials.
  • An outbreak of contagious diseases that the local government or responding agencies do not have the resources, expertise, or medicines to treat.
  • Rapid economic decline brought about by sanctions, civil unrest, coups, assassinations, or the turnover in host nation leadership, which might lead to local authorities being unable to maintain law and order.
  • Political instability and loss of governance resulting from the abrupt replacement, detention, or arrest of key government officials, military leaders, political opponents, religious leaders, or other prominent figures.
  • Similar organizations increasing security profiles, ceasing operations, closing facilities, rapidly evacuating personnel, or demobilizing activities.
  • Foreign embassies and aid agencies declaring heightened risk alerts or withdrawing their presence from the area, region, or nation.
  • The inability, lack of resources, or unwillingness for local or national security and law enforcement agencies to provide adequate protection to foreign workers and the company's interests.
  • Rising levels of corruption, extortion, and legal liability risks presented by corrupt political leadership, which could result in detentions or imprisonment.
  • Rapidly declining transportation capacities for road, rail, air, or maritime facilities, which could adversely affect the ability of company employees to evacuate the country.


Each company, and indeed project, should provide definitions and responses that are appropriate to its unique requirements and operating environment. The risk assessment conducted during the contingency planning aspect of the Business Continuity Management Plan's development should define what postulated threats are posed against a company or particular activity, and thus what should be included within the risk type category. The guidelines should be considered as such, guidelines, with common sense playing a critical role in how managers respond.

Immediate Resource Mapping


While a function of the Business Continuity Management Plan, and in particular the resource and interface management plans, there can be value in providing a succinct resource mapping component to the IMP to ensure that managers are quickly directed to the most appropriate and reliable internal and external resources to help them to best manage a crisis event—especially at the local levels. Resource mapping should identify both usable and unavailable resource options so as to avoid time wasted pursuing those response groups that have been proven to be unreliable or unavailable during the contingency planning aspect of the risks management plan, as illustrated in Exhibit 1. Immediate resource mapping may cover a range of service areas, including but not limited to:


  • Critical commercial support (utilities, power, medical, security, legal, etc.).
  • Armed response or quick reaction forces.
  • First line or surgical medical support.
  • Medical evacuation support.
  • Repatriation services.
  • Emergency materials and resources.
  • Transportation services (air, land, and maritime).
  • Legal services.
  • Explosives detection and clearance services.
  • Kidnapping and ransom response services.
  • Safe havens.
  • Stress trauma support.
  • Firefighting and emergency services.
  • Security and guard services.
  • Liaison and interpreter support.



Exhibit 1: Incident Management Plan Immediate Resource Mapping

Immediate resource mapping will also take into account the interface plan as well as the resource management plan, as they relate specifically to incident management. It is typically the crisis management elements that might mobilize the most significant resources to support the needs of a complex or large‐scale crisis, and the IMP may therefore require a scaled‐down version to enable the first stages of a crisis situation to be brought under control. Such simple reference guides may be placed onto an operations center wall, or within a simple flip chart as a reference document. They need to strike the right balance between providing sufficient guidance to reach the correct level of understanding and decision making versus providing so much data as to overwhelm and confuse incident managers.

Popular Posts