Creating Incident Management Policies
Wednesday, 3rd April 2019
Many businesses and organisations fail to plan for emergencies and crisis's until it is too late. Trident Manor had the pleasure of delivering for a client a whole suite of corporate governance surrounding incident and emergency response activities. This case study shows how this was achieved.
A UK based, multi-function, hospitality client entered discussions with Trident Manor to provide Business Continuity Planning for the whole organisation. What became apparent was that the client did not have a structured approach to risk management nor to incident responses, which resulted in a number of silos being created that did not necessarily provide the cover that was needed.
The senior management team agreed that a BCP (Business Continuity Plan) in isolation was not appropriate as the broader preventative measures that are created through a risk management strategy and incident management planning were missing. Trident Manor was subsequently retained to deliver an organisation wide risk and incident management strategy that included responses to incidents, emergencies and crisis situations; as well as incorporating Business Continuity.
Trident Manor adopts a two stage, eight phase approach to the delivery of incident management services as shown below:
Stage 1 - Consult
- 1.Direction from Risk Assessment
- 2.Set Objective
- 3.Identify Actions and Responsibilities
- 4.Agree and finalise plans
Stage 2 - Embed
- 1.Issue and Circulate
- 2.Train key staff
- 3.Continuous review
- 4.Validate by exercise and response
The site was visited, staff (operational to strategic) were spoken to and operational activities were observed. A review of the existing documentation and resilience methodologies was undertaken, and a report generated outlining the vulnerabilities that existed and where easy fixes were available advice was provided to minimise the risk exposure faced by the organisation.
This risk assessment and review enabled a clearer understanding of the organisations approach to risk management and the measures that existed with regard to emergency planning and incident response.
Objectives were established that resulted in the creation of a combined Business Continuity & Incident Management Plan containing a separate Emergency Response and a Crisis Management Plan. The creation of these plans allowed roles and responsibilities to be clearly established across the organisation and templates to support and assist at times of response to be created.
The draft documents were shared with the insurance underwriters for their observations and comments and a presentation given to board and members of the senior management team. The underwriters were happy with the content of what had been prepared and proposed and the whole senior management team was better informed about the process that had taken place.
What next? Well it has taken three months to reach the end of Stage 1 and sometimes that can be the easiest part of the process. Over the coming months the different phases identified in Stage 2 will be implemented and the client will be better prepared to manage all types of incidents that it could be faced with.
If your organisation, whether UK based or international do not have robust incident management practises and procedures the likelihood of you failing to respond correctly or in a timely manner are increased; which will probably result in increased losses, operational disruptions and reputational damage. For clear and unambiguous advice and guidance please feel free to contact the Trident Manor team.