The Four Pillars of Incident Management

Data center failures, natural disasters, weather events, security incidents, traffic jams. The number of crises your organization could face is daunting. If you're on the hook to have your business prepared, we've organized the incident management process into four pillars to provide a framework for the unexpected.

At Whispir, we've worked with hundreds of Incident Managers at companies across the world. From this experience, we have found there are only four pillars for managing communications during an incident. If you can put your playbook in this context, you'll be better prepared to respond.

Ever get an Amber Alert? Was it relevant to you? One overarching theme here: while you may be inclined to do mass notification to the team, spamming everyone will have a negative impact - leading to your alerts being ignored. Communications must be timely, targeted and accurate. Don't spam everyone, just the people who need to act or be informed.

Pillar 1: Collect

All incidents are triggered when a sensor goes off. A sensor can be anything, machine or human. It could be firmware on a vehicle telematics system, network monitoring software, or a student on campus who lets the security guard know about a suspicious bag she saw. Last week we were shown a Post-It note from an Incident Management leader telling future visitors about a 'mouse in residence'. Collecting accurate situational information from the field is critical. Ensure you have a system flexible enough to handle as many forms of input (digital or otherwise) as possible. Starting with good information is key.

Pillar 2: Choose

Based on the kind of incident, the data collected from the field needs to be routed to the appropriate team to make a choice about what playbook to run. A fire may go to a different team than a flood, or a shooter, or a network outage. Ensuring data integrity is paramount in this process, allowing the assessment team to make an informed, timely choice about how best to respond. This assessment team could be software, or a series of humans who have authority to trigger the next phase. If information from the field is accurate and timely, this pillar should happen fast.

Pillar 3: Act

This is the actual response: instructing specific teams to do specific things until resolution. These communications can vary in content and medium. Track everything. Being able to analyze the progress and status of these communications and their outcomes can mean the difference between success and failure during a response. Depending on the incident and your playbook, this stage can take minutes or years.

Pillar 4: Analyze

During an incident, there are various groups who need to be kept informed about the status, impact and actions related to the incident. Our customers call these dashboards. The dashboard needs to be relevant to that team: the CFO wants different information than the PR team, or the recovery leaders themselves. The point is, share what’s happening in the context of the viewer - so they have useful information and don’t call the response team, interrupting that team's work.

In Summary

Nobody wants an incident to happen. But smart companies need to be prepared for random and rare occurrences. We hope this framework helps you prepare for the unexpected.
