Incident Management 103 – Communications

During an incident there is constant need or desire for information from many stakeholders:

  • Senior Management wants to know what is impacted, what the response is, what the expected outcome is and when operations will be back to ‘normal’.
  • Line managers who are indirectly impacted want to know when they can get back to business-as-usual.
  • Employees want to know what they should do, where they should go and how long the situation is expected to last.
  • Customers want updates on the status of delivery of products & services.
  • And the media may be clamoring for an explanation, or at least status updates.

When information is not forthcoming, those stakeholders will assume that nothing is being done. Communications must be part of the Incident Response Plan. It can’t be left until a disruption occurs. Having a separate Crisis Communication Plan may be helpful – as long as it integrates thoroughly with the Incident Response Plan. Automated notification tools can greatly enhance the Communication Plan. The ability to reach a large audience quickly, schedule delivery of messages in advance and leverage multiple channels of communications – Voice, Txt, SMS, email – concurrently make manual Call Trees and lists seem prehistoric. Communicating on both a periodic basis and on an “as needed”-basis are both important ingredients in effective Incident Management. Communication planning associated with Incident Response, may be divided into broad groups:

Updates – From the time the incident is first logged until the incident is officially closed, there is a constant need for communications to ensure timely and effective response.

  • The communication plan starts with notifying the Incident Management team, the appropriate incident response and disaster recovery teams and any external providers associated with business continuity operations – to put these teams on alert or standby.
  • There must be procedures to activate the Business Continuity and IT Disaster Recovery teams once the disaster declaration has been initiated and their response plans are activated
  • The plan should also include periodic roll-calls to catalogue the personnel currently involved with the recovery, restoration and resumption activities – and those personnel available to assist when needed.

Collaboration – Efficient response requires frequently updating the status of task execution – both among responder teams, and between responders and Incident Management teams. Collaboration among the teams involved in the restoration activities is critical to restoring vital operations within the defined RTO targets. Murphy Law always applies during a crisis: anything that can go wrong will go wrong. There will be all sorts of unanticipated issues that may disrupt the recovery process. Issue resolution requires collaboration among many stakeholders and teams: Incident Managers, Finance for ad hoc spend approvals, Logistics for travel & living arrangements or additional space, etc. How issues will be reported – and how responsibility for resolution and status communications will be handled – must be premeditated and planned.

Reporting – We all see the ‘rubbernecking’ that causes congestion whenever there is an accident on the highway. That’s just human nature. Humans are naturally curious; they need to know everything that happens around them and are looking for information. During a business disruption, if this hunger is not satisfied, stakeholders (and the curious) will assume that nothing is happening. Or worse, you will be inundated by a monsoon of phone calls until their need for information is satisfied. The Communication Plan must anticipate these demands and include processes and procedures to push updates of the status of recovery efforts on a periodic basis – rather than fight the battle with those trying to pull information from Incident Managers. Making this ‘push’ with real-time, dynamic updates will reduce the ‘pull’ of outside inquiries – letting Incident Managers concentrate on resolution, not answering repetitive inquiries.

Crisis Communications – The terms “Crisis Management” and “Incident Management” are often used to mean the same thing. It’s more efficient to think of an ‘Incident’ as one that impacts operations, and a ‘Crisis’ as one that impacts brand, image and markets. Often, an Incident leads to a Crisis. So Crisis Communication needs to be a part of both. And Crisis Communications is an entire industry by itself. We will write a separate blog specifically about Crisis Communications sometime in the near future.

Stakeholders – Every incident impacts stakeholders, and each incident will have different stakeholders. Identifying those critical stakeholders and targeting communication to meet their individual needs is an important process. Whether it is part of the Crisis Communications plan, or of the Incident Management plan itself, stakeholder communications, like Reporting, will reduce their need to ‘pull’ status information, and will keep those awaiting assignment aware of their status. Stakeholders may include responder teams, Crisis Managers & communicators, internal & external business customers, senior managers, boards of directors, regulators, suppliers, neighbors and more. Incident Management involves efficient allocation of finite resources, timely restoration of functions or IT services, and as a goal, ensuring an effective Incident response. Message contents will change with the situation, but the Communication Plan must account for both periodic updates and real-time dynamic information pushed to participants and stakeholders.

The Communication Plan is the glue that will hold all the pieces together – the people, the tasks and the timeline.

SHARE:
Ramesh Warrier

Ramesh Warrier

eBRP Founder and Chief Designer of eBRP Suite, Ramesh is a proponent of constant change, a visionary who believes that the practice of Business Continuity can deliver improved operational efficiency. Ramesh, B.Tech in Electrical Engineering, has nearly 30 years experience in Business & Technology roles. His thoughts are expressed in blogs, white-papers, frequent webcasts and speaking engagements at industry conferences.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…