Incident Response Guidelines

Each crisis event will involve unique factors that will affect how the initial and often inexperienced firstline responders or ad hoc response groups respond, as well as how the followon and typically predefined and experienced incident and crisis management teams (CMTs) will manage to an event. It is problematic to attempt to completely define predetermined response plans and management guidelines, as each situation will be unique and each response guideline will require the necessary degree of flexibility needed to reflect the fluid management and operational requirements of each crisis event. That said, companies can plan ahead and determine the most likely risk events, as well as a sensible set of response options that can be used to guide less experienced managers through what is often a confusing and highly stressful situation, or provide a quick checklist for those with more experience to ensure complacency does not set in and uniformity of response measures are maintained.


Response guidelines should be considered as such: guidelines. They should not be considered restrictive, unless the implementing staff requires clear and strict instructions for dealing with particular crisis events. They effectively provide a sensible first responder and manager handrail which ensures that advice and guidance is offered where needed, and specific instructions are provided where necessary. It also ensures that key management requirements are not missed during an emergency, and that a logical and structured approach to resolving a situation is provided. Common sense and sound leadership at all times should take precedence. In addition, companies might wish to consider including a liability exemption for such documents, as such guidelines cannot prevent a crisis from occurring, and are not surefire measures by which to prevent injuries, property loss, or damage. These guidelines are purely mitigation tools for individuals to use during an emergency, helping focus a response and bring control and structure to often confusing situations. Response guidelines are useful for even the most experienced of crisis professionals, as they provide a checklist to walk a manager through response considerations as an event occurs, providing focus, structure, and consistency. Additional elements can then be added to enhance the response measures as required. Those drafting response guidelines should also consider the environment in which such documents will be utilized—often fast moving, high stress, and under considerable pressure. Therefore, the response guidelines should contain enough information to bring understanding to the user, without requiring significant time to read through and implement recommendations or gather information.

Response guidelines support the company in developing uniformity and transparency across the organization, ensuring that the basic tenets of response are understood and applied evenly, within what can often be complex and compartmentalized organizations. They can also be used in conjunction with information capture reports, helping managers both practically deal with a problem, as well as share critical information between multiple participants. These policies and procedures also evidence the company's efforts to manage its risks, and can form an important aspect of its duty of care approach. In addition, such measures might offset business risks, as well as reputational and liability risks if a crisis event results in a subsequent investigation or lawsuit. Such response guidelines are not designed to constrain innovation or lateral thinking, but should be configured to provide the foundations of a response system, as well as share simple and useful procedures for managing crisis events in the best way possible. The principles that should be applied when developing response guidelines are illustrated in Exhibit 5.1, and should conform to the following considerations:
  • Resourced.: The response guidelines should have the correct resources available to allow plans to be implemented, in terms of education for users as well as the materials needed to implement responses.
  • Supported.: Response guidelines should be supported by all management levels in order to ensure that activities have prior buyin and that consistent approaches are in place.
  • Rehearsed.: Ideally, response measures will have been practiced prior to an emergency so that managers and users are familiar and comfortable with the guidelines and requirements.
  • Integrated.: Integration both within the company and with external agencies is critical to ensure that response guidelines are effective. Technological integration is also required.
  • Leveraged.: Response guidelines should seek to leverage organic and external resources and capabilities in order to augment a user group's capabilities and capacity.
  • Flexible.: Response guidelines should be inherently flexible in order to meet the unique factors that invariably accompany each crisis event. They should guide, rather than be rigidly enforced.
  • Measured.: Response guidelines should provide a calm, measured, and mature response to crisis events, reducing panic or kneejerk reactions.
  • Clear.: Response guidelines should be clear and easy to follow—meeting the knowledge, capabilities, and experiences of a wide and diverse user audience.
  • Pragmatic.: Response guidelines should be pragmatic and realistic. They should provide the right level of support to resolve a problem—simplicity and realism are vital.

 

Exhibit 1: Response Guidelines Principles

The following response guidelines offer suggestions for how simple and userfriendly management protocols can be developed to meet the requirements of a wide user audience, for a variety of threats a company or organization might face. Each guideline should be considered as an isolated tool, providing sufficient instructions and prompts to assist first responders and crisis managers in dealing with singular events. A degree of repetition will be evident within some guideline protocols as each management response guideline should be self contained and able to operate in isolation. At the end of each guideline response is a blank organization contact list that can be used to guide managers to the correct organizations to liaise with, alert, or mobilize for each type of risk event. This should be linked to the Business Continuity Management Plan communications and interface plans and should be simple enough for those not trained or experienced in applying crisis management policies and procedures to use effectively, but should also be designed to support a range of incident response and crisis management teams as well. It should be remembered that these plans will need to be clear, simple, and succinct when used in order to offer guidance to managers while they concurrently face the stresses and challenges of coping with the crisis event itself. Companies should seek to tailor such responses to suit their corporate policies and objectives, making plans short or more detailed depending on their need and level of risk, as well as the business activity and its operating environment.

Aspects of the response guidelines and data call section will be repetitive of other components of the Business Continuity Management Plan. This is necessary in some areas so that each section can operate in isolation, if required.

Popular Posts