Incident Response Management Systems – Frequently Asked Questions

1. Nothing really bad has ever happened to my organization, why would we need a critical event management plan?

Incidents often expose the inability and unpreparedness of organizations that are then judged on how they deal with an incident. An unprepared organization loses credibility quickly. Incidents are an unfortunate and statistics-backed certainty—unpredictable, yet inevitable. A solid incident response management plan is essential to resolve an incident quickly, safely, and with minimal collateral damage.

2. How bad does an event need to get to be considered a crisis?

Perception is reality. A situation becomes a crisis when it reaches a stakeholder’s acceptable limit. Stakeholders will always judge the way the organization deals with the incident. For example, the investor will look at the perceived impact on the value of the organization. An employee will assess the degree of human sensitivity with which the organization reacts. The customer might compare how other organizations have dealt with situations like this.

3. How do I write a critical event response management plan when I don’t know what incidents to plan for?

Always start by asking the organization’s stakeholders. To identify the stakeholders, ask yourself, these two questions:

1. Who would be impacted by a situation? and/or
2. Who would be involved in the response process?

Ask them, as a stakeholder, what's on their mind, i.e., what type of risk or what consequence are they most afraid of facing. This will help you establish a solid foundation for your critical event response management plan.

4. Should the same person always be the one in charge for any critical event?

No. Critical events vary from HR issues to IT, to Emergencies, to customer complaints, to environmental crises, etc. All these should be dealt with by the teams and individuals that are the most relevant, trained, and those that are ultimately responsible for each of the tasks defined in each critical event response management plan. Even if individuals wear different hats, it’s best not to have the same person deal with every critical event as it can get confusing and overwhelming.

5. What is the most important thing to do during a crisis?

As an employee, the most important thing is to do what the organization is expecting from them, as defined in the critical event response management plan. Incident response software can easily tell everyone what is expected of them throughout the incident, and allows them to communicate changes that may affect the plan. Adjustments to the next steps in the plan can be made and easily shared with everyone through mass notifications.

6. How does incident response software work?

The ideal incident response software allows the organization to gather necessary information and automate the response plan. When an incident happens, the designated employee can notify relevant stakeholders in seconds through a mobile application.

Then, an automated protocol (or workflow) is triggered, sending the right tasks to the right teams, in the right sequence at the right time. All notifications are coordinated, and all actions and communications gather in a secure report for future review and audit.

7. How does incident response software know how to react to different critical events?

An incident response software is comprised of many incident scenarios and protocols or workflows that are triggered based on certain criteria. The appropriate protocol for the critical event that is underway can be triggered automatically or selected by a dedicated team member from a command center view. Alternatively, it can also be triggered by an alert received from an external software or device.

8. Who should have access to the incident response software?

An incident response software is comprised of multiple user types:
1) the individual who notifies stakeholders of a particular situation,
2) the dedicated team member or teams that need to re/accomplish specific actions to resolve the situation, and
3) the supervisor is authorized to monitor the entire situation with a command center view.

There is a fourth category or stakeholder who is not necessarily a user but that can receive notifications throughout the incident (think of parents in a school, clients, partners, etc.).

9. Will incident response software help me figure out who to blame for a critical event?

A comprehensive emergency response system keeps a non-modifiable record of any action and communication undertaken during the event. Complete traceability allows the concerned individuals to follow the trail and identify what went wrong, when, and who was responsible. This will help during any ensuing investigation or incident response performance evaluation.

10. What is SOC certification and why is it important for incident response software?

Mature organizations prepare for various scenarios where sensitive information is shareable during an event, using mobile devices and web interfaces. This information can be related to the organization, the individual, and the nature/characteristics of the event. For peace of mind, rely on a provider that keeps your data safe and secure. Choose a certified SOC 2 – Type 2 provider who will have specific security controls in place and ensure ongoing compliance tests by an independent auditor.