Incident Management vs. Crisis Management

Imagine for a moment that your company building was impacted by a natural disaster; what will happen to the day-to-day operational activities?

Suppose, some of the executives in your company were responsible for a scandal, how will you manage the company’s brand/reputation?

Unplanned events occur, and it can be devastating to businesses if there is no preemptive planning. When outlining Business Continuity Management programs, too often organizations confuse the terms Incident Management and Crisis Management. When we separate the two into distinct programs, we create clear goals, responsibilities and lines of authority.

Incident Management

An Incident disrupts the day-to-day activities of the business by impacting any tangible assets. This can include the loss of the company premises, an illness or a sudden passing of a key staff member, systems failure, damage to supplies and/or other key business processes that support the purpose of your business.

When disruption is reported, you must manage the incident immediately. Here is the crucial four steps process.

  1. Measure the impact of the disruption
  2. Identify appropriate strategy for response
  3. Resume processes or manage the impacted systems
  4. Coordinate with Recovery Teams responsible for implementing the strategy

It is possible that by effectively responding to the incident management process, you can prevent a crisis.

Crisis Management

A crisis can damage your business’ brand, affecting its reputation and even result in you being dragged into a legal battle.

A crisis could be a result of rumours, product defects, adverse publicity, negative social media activities, or actions of employees, distributors or suppliers, which reflect poorly upon the organization.

After multiple fatal crashes, GM had to recall 1.6 million cars to fix faulty ignition switches. When Vanity Fair published an article about Tinder creating a hookup culture, Tinder reacted with an emotional meltdown on Twitter. A FedEx employee was caught on camera throwing a package over the fence without ringing the bell. The video went viral making it to the news. These are just a few examples that almost broke these companies. We live in a society where the consumers we serve desire transparency and openness, rightfully so. Having a crisis management strategy in place would help your organization communicate effectively internally and externally minimizing damage.

In some circumstances, Incident and Crisis situations might be invoked simultaneously but the plans must be developed and maintained separately. This distinction will be greatly valued during moments of Incident or Crisis management and must be taken seriously. Both plans must:

  • Define areas of responsibility
  • Identify clear protocols for invoking the related plan(s)
  • Test and exercise simultaneously: This ensures that all participants get a clear understanding of their roles and responsibilities
  • Educate and inform all members of the organization of the two separate plans and teams involved
SHARE:
eBRP Thoughts

eBRP Thoughts

eBRP Thoughts, eBRP’s Blog voice, represents 50 + years of cumulative BCM knowledge gained through experience in corporate BCM program management, consulting & program implementations. We've worked hand-in-hand with governments and private enterprises to develop viable BCM programs. eBRP is an active participant on LinkedIn and Twitter. The opinions expressed in our eBRP.net blog are ours and are intended to engage resiliency planners in conversations about the BCM industry, its standards and its future.

Related Posts

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…
Threats, Impacts, BCPs

Threats, Impacts, BCPs

Within Business Continuity circles there is ongoing debate about the…
The BCM Challenge: Executive Buy-In

The BCM Challenge: Executive Buy-In

As a Business Continuity Management (BCM) solution provider, the first…
DR Plans – The What, When & Who

DR Plans - The What, When & Who

As a Business Continuity practitioner with more than 20 years…
Disaster Recovery – Exercised

Disaster Recovery - Exercised

As part of its Resiliency program, one of our clients…
You have a Risk Department.  Why do YOU conduct Risk Assessments?

You have a Risk Department. Why do...

If you’re new to Business Continuity, you have a lot…