What is the purpose of an incident response plan?

“…And none of us had a playbook…there’s a thing they say; ‘Ok, this is happening now. Crack this open and it’s going to give you the playbook of how to deal with this.’ It wasn’t there.” – Dan Bartlett, Former White House Deputy Communications Director.

Having recently watched the BBC documentary ‘9/11: Inside the President’s War Room’, the comment from Dan Bartlett resonated. On that day the unimaginable happened, so how could it have been envisaged let alone planned for? Who could’ve possibly designed a playbook or a response plan for such a devastating event?

But 20 years on, a ‘playbook’ and incident response planning for an incident of such scale is no longer such an outlandish concept.

Preparation and planning for an incident is vital to any business, institute or organisation, no matter the size of the incident, the type of establishment, or whether it is a cyber breach or a non-cyber event. An incident response plan provides composure in a chaotic and confused situation, and playbooks within the plan can give effective, clear direction in a time of crisis.

Drawing on your own previous experience, or learning from the incidents of other similar organisations, you can devise a plan to address feasible threats and crisis situations.

By creating an incident response plan that covers most possible events, you can identify:

  1. the process for mitigating tasks to be carried out,
  2. key personnel who will need to be involved and informed,
  3. the tools you’ll need to be able to mitigate the situation as quickly as possible,
  4. the communications channels to effectively share vital information,
  5. reporting processes and obligations that are required for company protocol and possibly legal policies, and,
  6. the training requirements, for smooth implementation.

1. Activity

Have you thought about what actions are needed for you to respond effectively to mitigate an incident as quickly and efficiently as possible? What factors need to be considered when responding to an unexpected event? Who is going to action various tasks, how and when?

  • Plan out the scenario/s of possible incidents and identify a process of what needs to be done, when and by whom.

2. Personnel

Some incidents can be contained within one department, but others may require input from several. Do these colleagues know what they need to do, what action they need to take and what role they play?

  • Plan out the scenario/s of possible incidents and identify the required response to see the touch-points of individuals and departments.

3. Tools

Do you have the right tools to hand, and do the relevant people know how to use them? Just as a volunteer fire marshal may have the knowledge and training to use an extinguisher… what if there is no extinguisher?

  • Plan out the scenario/s of possible incidents and identify what tools you would need and whether you have them. This could be anything from technical tools such as secure comms, to physical items such as spare sets of keys, to something as simple as a pen and paper.

4. Communications

When faced with an incident, communication is vital; this can be internal or external communications.

  • Plan out the scenario/s of possible incidents and identify who needs to know what and when, and how you are going to contact them. Communication has become more and more reliable over the years, with many communication channels available, but you also need to consider other key factors. One is the urgency of contacting personnel: what if the phone is switched off? Should there be an on-call rota in place? Another is communication security: e.g. if a computer system has been hacked, you can pretty much guarantee your email is compromised.

5. Reporting

It’s critical to consider the fall-out of an incident and what responsibilities you have to inform the internal management hierarchy and potentially external authorities, especially if the incident has a direct effect on public safety and welfare.

  • Plan out the scenario/s of possible incidents and identify who could be affected and therefore who, or which department or authority, needs to be informed immediately. This also falls into your considerations regarding communications.

6. Training

Having a plan is worthless if no-one knows how to implement it. Running regular training exercises based on the plan, with the key colleagues using the tools required, will ensure that should the worst happen, everyone is well aware of their roles and responsibilities, and actions can be taken calmly and effectively to reduce incident impact.

  • Plan out the scenario/s of possible incidents, build playbooks to follow and ensure the required personnel attend training. Training exercises are also an opportunity to identify any issues or concerns in response actions, tasks and workflows, which can then be worked on to fill any gaps.

By planning out the scenarios of potential incidents, you can create your incident response plan to address most eventualities and create your playbooks within the plan to be able to effectively respond to various situations.

Not all events can be conceived, but with an effective incident response plan prepared you are better placed to deal with the unexpected; and your team, your colleagues, your organisation will be best prepared to react quickly and efficiently.

Consider an Incident Response platform

To optimise response plans, many organisations use a platform that brings all the key incident response components together into one place to provide easy and quick access for all those involved in responding to an event. 

Find out more about choosing an incident response platform here.