Getting Started Guide to Incident Management

Unexpected things happen, even if you expect them to

It’s a regular weekday at your organization. Traffic was a little heavier than usual on the way in, probably because of that construction zone. But you got the last of those blueberry scones you love at that coffee shop across the street, so it all evens out. Your midmorning meeting starts in 15 minutes, so you go over your materials to prepare.

And then, it happens.

The first thing you notice is two of your co-workers whispering loudly on the other side of the floor. You ignore it — after all, you’ve got somewhere to be in 14 minutes. An email arrives in your inbox… something about an emergency? The details don’t make sense, and besides, you don’t have time to get into it anyway. Maybe it’s spam. You make a point to look at it later.

One or two phones on your floor start to ring. Other co-workers cluster and chatter, louder and louder. Suddenly, the noise picks up and sweeps across the floor like a shockwave. One or two phones becomes almost all of them. Some co-workers are shouting now, panicked. Another email arrives. More details. Calls are coming in from other facilities. People don’t know what to do, and the panics sets in deeper. Something unexpected has definitely occurred.

This is just an example of what it’s like when your organization experiences an unforeseen incident. The noises you hear are the sounds of people clamoring for information both from within and outside your organization. People want to know what happened, how severe it is, and what they should do. Even worse, those at the epicenter of the event may be unsafe. It’s a disruptive, chaotic, and potentially dangerous or even life-threatening situation.

Preparation today means protection tomorrow

No matter how prepared your organization is, it's impossible to completely prevent incidents from occurring. At some point, one will happen. So, if your organization is dedicated to being as prepared as possible for moments like this, it’s imperative for you to build an incident management system (IMS) into your organization’s overall resilience strategy.

An IMS is a structured system or plan designed to minimize organizational disruption, maintain operational continuity, and protect your employees and assets when an incident occurs. It has clear instructions for how internal teams should garner situational awareness, restore normal operations, and communicate clearly, both within your organization and emergency services if needed, all to mitigate further risk and minimize additional damage.

When an incident occurs, there are a lot of decisions to make. You need to prioritize tasks, delineate responsibilities, and give updates to stakeholders, just to name a few. Having an IMS in place to improve situational awareness leads to more informed decisions and outcomes that are more likely to produce the results you want. If these decisions successfully limit damage and mitigate risk, the less costly your organization’s recovery will be.

An incident is also likely to impact your organization’s public reputation, whether immediately or eventually. Therefore, an IMS also includes plans for how to effectively communicate the right information to the public and outside agencies like media outlets and industry groups. It’s important to remember that not all damage is physical, and your organization’s credibility is a valuable asset, perhaps even its most valuable one.

Additionally, some laws or governing bodies require certain types of organizations to maintain an IMS or incident response plan as part of their regulatory compliance. For example, the Federal Select Agent Program in the U.S., which oversees the possession, usage, and transfer of certain agents and toxins, requires all registered entities to “develop and implement a written incident response plan.” So, on top of improving readiness, having an IMS can also prevent penalties.

What’s the National Incident Management System (NIMS)?

When an incident occurs, people often look to the government to lead critical response efforts as they have the gravitas, jurisdiction, and budget to do so. But incident response is most successful when it quickly and effectively stabilizes the situation, neutralizing the spread of secondary effects. In many cases, even regional or local government doesn’t have the same connections to a local community as more ingrained private sector organizations.

The government needed a way to empower private sector organizations to more effectively deliver potentially lifesaving assistance during times of incident response, especially those organizations with access to critical infrastructure and services. They also wanted to establish more effective protocols through which they could partner with private sector organizations more effectively, especially for large-scale, multijurisdictional incident response efforts.

This is why the Department of Homeland Security introduced the National Incident Management System (NIMS) in 2004. It’s a standardized framework for incident management response that includes flexible and responsive protocols for any incident, irrelevant of its scope, magnitude, or location. It also includes a common vocabulary for incident response, making it easier to coordinate with government organizations at all levels.

By using the protocols laid out in NIMS, every organization that participates in the response to any incident — regardless of its hazards, impacts, or complexity — takes the same approach predicated on the same governing principles. Those principles are:

• Preparedness: Planning, organizing, training, equipping, exercising, evaluating, and taking corrective action to achieve and maintain readiness to respond
• Communications and Information Management: Compiling data from across sources to create a common operating picture (COP), so the incident commander or unified command can make consistent, effective, and timely decisions, and share them with all respondents to ensure uniform situational awareness when conducting operations
• Resource Management: The coordination, oversight, and processes necessary to provide appropriate resources in a timely fashion during incident response
• Command and Management: Enabling effective and efficient incident management and coordination by providing a flexible, standardized structure
• Ongoing Management and Maintenance: Keeping all other components at full readiness and making adjustments to each when improvements are available

The role of Emergency Operations Centers (EOCs) in incident management

When an incident is of a magnitude that results in significant organizational disruption, property or asset damage, or has the potential to significantly impact an organization in other ways, its response may call for the creation (or activation) of an Emergency Operations Center (EOC). This is either a physical or virtual location that acts as a meeting place to ensure uniform cross-team situational awareness to encourage more informed, organized decision-making.

From an EOC, the incident commander or unified command — the individual or group for whom a COP is created, and from whom priorities and tasks are assigned — has the space to manage information and resources and make informed decisions about where and how to allocate resources to deliver the most effective incident response. Tracking and evaluative functions during incident response can also take place at an EOC, to document all decisions made in the course of incident response, measure their efficacy, and adjust where needed.

Depending on the size or scope of the incident, it may be advisable to develop a system of EOCs in multiple locations, with one EOC acting as the primary location. A primary EOC tends to be situated closer to where stakeholders can easily be gathered, such as an organization’s global headquarters. Secondary EOCs tend to act more as mobile command posts, closer to the physical location of an incident’s direct impact, to make it easier to gather information.

The role of digital technology in incident management

As the world continually grows more technologically complex, the complexity of potential incidents grows in corresponding fashion. To effectively manage incident response, an organization’s IMS must account for both physical and digital spaces, with elements of the IMS designed to account for the vastly different needs of each space.

The nexus between physical and digital spaces is also increasing as organizations do, store, and process more of their operations in digital spaces. As a result, many incidents now take place either partially or exclusively in digital spaces, such as data breaches and other attacks on organizations’ cybersecurity.

To gain the readiness needed to meet the challenges of incident response in 2025 and beyond, your organization needs a powerful incident management solution with one foot in each space — a digitally native platform complex enough to help your response team navigate intricate cyber incidents that’s also built on the time-tested principles that have driven successful responses to physical incidents since incident management was first defined.

When seeking the right digital incident and emergency management software, look for one that lets your team:

• Respond swiftly and confidently to all hazards with best-practice IMS standards from around the world, including NIMS/ICS, AIIMS, and JESIP
• Stand up and manage multiple EOCs more effectively with customizable UIs (user interfaces) that unify related incidents for your incident commander or members of unified command
• Create a COP with the highest level of situational awareness for your EOC unified command with field personnel updates, GIS feeds, email, social media, and critical info on comprehensive dashboards with integrated external data feeds
• Synchronize and align response efforts with team activation notifications, defined roles and responsibilities, and a centralized location to collaborate, share information, and record event critical information
• Contextualize areas affected by incidents alongside weather and critical infrastructure by incorporating Esri ArcGIS, WMS, KML, GeoJSON, or other sources
• Keep connected and improve information management during response via email, SMS, voice message, push notifications, or within the platform itself
• Ensure uniform conduct of incident response operations with response plans and checklists, whether pulled from best-practice templates or designed by you
• Optimize information management with custom sitreps, briefings, objectives, incident action plans, or built-in ICS forms, with time-saving automatic field population

Even though no organization can guarantee that incidents won’t occur, your organization can leverage the most powerful preparatory tools like Noggin to deliver a more efficient incident response when they do. This way, you can protect assets more effectively, recover more quickly, minimize the damage done, and return to the normal course of business faster.

In other words, you can more easily achieve the goals of incident management and get back to what you do best. Request a demo of Noggin today and see what a more resilient future for your organization can bring.