Incidents
An incident is an event that can be, or could lead to, a disruption, loss, emergency, or crisis (Good Practice Guidelines Edition 7.0, BCI 2023).
To manage an incident effectively, actions need to be coordinated and directed so that the organisation can assess, respond to and recover from it.
To enable this, organisations need to design their incident response teams, develop incident response plans and implement processes to ensure these capabilities will work during an incident.
Incident Response Teams
Each organisation will have different requirements when it comes to designing their incident response teams, for example size, resource or skill sets.
Incident response teams should be designed to:-
- Manage a variety of incident types;
- Assess the operational, tactical and strategic impacts of an incident;
- Have the authority and capability to implement and direct response and recovery strategy, actions and resources.
To be effective, incident response teams need:-
- Training;
- Clear roles and responsibilities;
- Plans to support escalation and decision making;
- Opportunities to practise these capabilities via testing and exercising.
Incident Response Plans
To support incident response teams, often during high-pressure and time-sensitive incidents, easy-to-follow plans should be developed to offer guidance and remind the teams of key information and processes.
Incident response plans should align to the organisation's Business Continuity Management (BCM) processes and provide relevant guidance at the operational, tactical and strategic levels. Plans should include aspects such as:-
- Purpose, aim and objectives of incident response;
- Safety considerations and actions;
- Assessment, invocation triggers and escalation requirements;
- Response structure, meeting locations and authorised roles;
- Communication requirements and key contact details;
- Key actions to consider or take to assess, respond and recover effectively;
- Templates to record the details of the incident;
- Stand down procedures and lessons identified processes.
It is also important that incident response plans are tested, to validate that they will provide the right guidance and support to the incident response teams at the point of need.
Testing and Exercising
By testing and exercising incident response plans and teams, organisations are able to train for, assess, practise and improve their continuity and resilience capabilities.
These capabilities cannot be considered reliable or effective unless they have been exercised. This process is an opportunity for lessons to be learned or continuous improvement identified in a safe environment, rather than when an incident is occurring.
Exercising can also:-
- Identify any gaps or vulnerabilities in contingency strategies;
- Validate roles and responsibilities;
- Improve competency;
- Build confidence;
- Develop teamwork;
- Raise awareness of continuity and resilience across the organisation.
A programme of testing and exercising should be implemented within organisations to ensure continuous improvement and the maturity of capabilities over time.