4 Elements to Create an Incident Ready Program

The purpose of an Incident Readiness Program is to enhance the ability to respond effectively to any business disruption and restore those assets (Business Processes, facilities, technology, suppliers and people) that are critical to the delivery of that organization’s Products & Services. The Planning Phase of the program enables the organization to identify the critical assets at risk, prioritize the resumption of business processes, map dependencies necessary for effective response & recovery, and develop actionable plans.

Testing and exercises should be designed to find the gaps in recovering those critical assets – both strategic and operational. The Incident Management component of the program establishes the organizational structures and tools for command, control and communication during a disruptive incident.

To facilitate true Incident Readiness, the BCM program should also focus on:

  • Dependency Mapping: Cataloguing of organizational Assets (people, sites, processes, technology, suppliers…), their dependencies and impact parameters.  The modeling of assets is a fundamental decision support mechanism to enable Incident Managers to identify the causality chain that is critical to carrying out an effective Incident Response.
  • Actionable Plans: Plans need to be both concise and actionable – every task should identify the ‘team’ assigned and the time required to execute. Each Plan (which can be thought of as a ‘playbook’) should delineate the sequence of task execution and provide a structure that allows flexibility to change the ‘workflow’ dynamically as a situation evolves. Most importantly, the Plan’s objective should always be the restoration/resumption/recovery of critical assets – not broad scenarios.
  • Dynamic Teams: Using a role-based planning approach, all responsibilities should be assigned to teams – not individuals.  For effective Incident Response, team memberships have to be dynamic.  Based on geographic impacts, time of the incident or other factors, team compositions may need to be reconfigured on the fly – based on resource availability.
  • Communication: The linchpin of effective Incident Response. A solid communication plan should include mechanisms for responder collaboration, periodic communication updates to stakeholders (those concerned, but not directly involved), roll-calls, polling and recovery status updates.  The communication protocols have to be defined, tested and periodically aligned with the organization hierarchy.

Perhaps the most important requirement of implementing an effective Incident Readiness program is a purpose-built system implemented on a relational database.  Attempting to create a homegrown Incident Ready program with SharePoint & Office tools is bound to come up short – resulting in little more than ‘door-stopper’ 3-ring binders. The real key to effective Incident Readiness is the ability to dynamically change plan execution workflow and resource assignments based on real-time situational awareness.  We create Response Plans in ‘ideal conditions’ but we need to incorporate flexibility to facilitate on-the-fly change as a disruptive  situation demands. Is all that effort worth it?

Click here to read Part 3 to learn the 5 Advantages of an Incident Ready Program. See how you and your BCM Program can make that quantum leap toward an Incident Ready program.

SHARE:
Ramesh Warrier

Ramesh Warrier

eBRP Founder and Chief Designer of eBRP Suite, Ramesh is a proponent of constant change, a visionary who believes that the practice of Business Continuity can deliver improved operational efficiency. Ramesh, B.Tech in Electrical Engineering, has nearly 30 years experience in Business & Technology roles. His thoughts are expressed in blogs, white-papers, frequent webcasts and speaking engagements at industry conferences.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…