7 Key Considerations For Effective Incident Response Plans
No organization wants to be reactionary in the event of an incident; a proactive approach with an incident plan is much more likely to minimize impacts.
Consider the families of six tornado victims at an Amazon warehouse. On December 10, 2020, an EF-3 tornado touched down with the warehouse in its sights, destroying the building with 150-mile-per-hour winds.
The roof of the Edwardsville, Illinois warehouse collapsed, and its 40-foot-tall concrete walls fell inward. Several people taking shelter in a restroom were killed.
Before the tornado, Amazon warehouse workers expressed concerns about inadequate safety measures, but their concerns were not heard—at least, not the evening of the warehouse collapse.
“We want to go back and look at every aspect of this,” Amazon spokesperson Kelly Nantel said. “There’s always going to be tremendous learnings from any type of catastrophic event like this and we want to make sure our policies, our practices are consistent with any learnings that we have from this event and with all best practices.”
No matter how well you plan for an incident, there are likely to be extraneous circumstances that necessitate on-the-go changes. A well-structured plan will help guide your team through those pivots, versus a weak—or nonexistent—incident plan.
How do you create a robust plan though? Let’s take a look at 7 key points to consider when creating your incident planning framework.
1. Define the purpose of your critical incident response plan.
It’s essential to know the purpose for each incident protocol you create, because there simply isn’t a one-size-fits-all strategy. Each situation will require a unique process. For example, an incident with an active shooter would likely require that people shelter in place, while a fire would mandate that people evacuate the building.
A clear, well-defined purpose is the foundation on which your entire incident protocol is built. Know exactly what you are trying to achieve, and why.
2. Have a framework before planning.
There are several different factors that have to be taken into account before you even begin building your incident response process. In fact, there are 12 things to take into consideration, which are:
- Buildings and infrastructure
- Technology and material assets
- Activities and services
- Reputation/public perception
- Governance, regulations, and environment
- Legal implications
It’s important to look at each one of these components by asking yourself if your incident response process maintains the integrity, security, and sustainability when a critical event occurs.
Not every critical event will impact all of these components. For example, a fire in a building might not impact any contracts in place. Yet, it’s better to build your plan with the 12 above components in mind, and omit them if they aren’t applicable.
3. Be organized with your incident response steps and tools.
A solid foundation, as mentioned in step 2, will help the flow as you create your action plan and consider any supporting tools.
A cohesive incident response plan will serve many purposes, including:
- Demonstrates to stakeholders that your organization plans for and takes critical events seriously
- Formalizes a response structure and organized methodology to make sure that the right actions are taken
- Validates that the plan follows the framework as noted in step 2, thereby meeting the organization’s expectations and that of its stakeholders
- Aligns the stakeholders’ objectives if and when an incident takes place
- Outlines all the communications and reporting tools, ensuring that they are available, validated, and ready to use
- Allows stakeholders to test the plan multiple times before it is needed
- Ensures easy adjustments to the protocol as needed
- Stands up to audits when necessary
This thorough approach can be tailored to any incident because the incident response steps are well-defined and outlined. Remember that a critical event doesn’t end when the threat is mitigated; it still needs to stand up to the scrutiny of public opinion, legal constraints, etc.
Don’t forget: Implementing an automated incident management platform is the only way to make sure that everyone will do what they are expected to do when reaction time is critical.
4. Make sure that information is captured and continuous.
Regardless of the incident type, information is absolutely critical throughout the event. If an event is comparatively small, such as an isolated harassment situation between two individuals, it is somewhat easier to make sure necessary protocols are followed.
A more far-reaching incident, such as an active shooter, can quickly challenge the information flow of an incident plan. In such a situation, events can unfold quickly, and peoples’ lives can be further jeopardized by a weak plan.
A successful incident response plan should:
Allow for a smooth flow of information as that data is created. This may be through texts, images, evidence, and so forth. And this information should not be dependent on additional human intervention to facilitate that flow.
Your incident response plan should allow all stakeholders to provide additional information easily, at any time, in every circumstance, and from everywhere. When incorporating a critical event incident response management software, check how it facilitates the spread of information.
Does your software have a chat module? A robust chat component will be triggered automatically when an incident is launched. It will seamlessly bring together:
- the alert launcher
- the person (or parties) responsible for monitoring the situation, and
- everyone involved in that event.
Centralize all the information that is generated or necessary to respond to the critical event. With a chat module, the entire conversation can be captured and transmitted to the incident report.
Make sure that the different streams of data are connected and easily accessible. There are two types of information feeds.
The human feed. How should the information be conveyed between you and the other stakeholders? As you’re planning this, make sure there is little friction between the incident and your organization’s response to it. A robust system should capture the information quickly and without interference.
For example, a mobile application allows all parties to signify a situation immediately, activating your plan immediately. This makes it easy for people to report in, identify more issues raised, and capture more contextual data (i.e., event description, images, location, etc.).
In other words, the information communicated to you is exactly what you will receive, without clutter. If you maximize the number of people who utilize the app, and make sure your solution is highly flexible, you will easily capture every detail.
When contemplating software choices, think quality, quantity, and speed. Consider these questions:
Does your incident response mobile app allow your people to answer event-specific questions?
Can it automatically trigger an incident protocol?
Does it allow for participants to provide additional information during the event?
External feed. When creating your plan, consider utilizing an integrated source through API with your incident response platform.
What systems and data can provide critical value during an incident? It’s important to consider these points both when you are determining if it’s necessary to trigger your incident plan, and through the duration of the incident.
5. Optimize resources and save time.
Every second counts as a critical event is unfolding.
Removing manual steps by automating your process as much as possible increases response time and reduces human error. A rapid response is absolutely critical to optimize each stage of your action plan as it unfolds, through each step, and in between each step as well.
These are the critical steps that you should consider optimizing:
6. Have the flexibility to adapt to different events.
Incident response software is supposed to improve processes, not bog them down. When looking at different solutions, ensure that any such software you consider adapts to your needs, versus forcing you to adapt to its constraints.
A robust incident response software package will allow you to:
- Ask the question you want right from the start and at any time during the incident
- Automatically share tasks with the right people
- Automatically send notifications when necessary
- Allow specific incidents to be triggered by some teams, depending on the event
- Share some events with specific teams or individuals without giving them access to other events. You don’t want to distract stakeholders unnecessarily. As an example, an HR event would not necessarily need to be seen by the same people who would manage IT incidents.
7. Have access to solid reporting tools.
As mentioned above, a well-constructed incident plan accounts for activities before, during, and after a resolution is reached.
Data should be collected and transmitted in reporting tools, for several reasons. Tracking data helps:
- Collect evidence for future use with legal issues, any contract disputes, or conveying accurate information to the public.
- Address key performance indicators (KPIs) in your organization
- Learn from both mistakes and successes
- Adapt your plan to better address future issues
The aftermath of a situation is as important as resolving the incident itself. Do you know what information your management and stakeholders will need in a report? Knowing the data you need for post-event steps will help ensure that information is collected and transmitted during the event.
An organization can face a slew of different event combinations, from natural to man-made incidents. When considering your own incident response plans, consider the 7 components listed above.
Does your plan or plans take each of these into consideration? If not, it may be time to restructure your critical event response solution before it’s too late.