Bulletin / Defining the Competency...

Defining the Competency Requirements for Incident Teams

Author: Charlie Maclean Bristol, Training Director, FBCI, FEPS

This week Charlie looks at the performance of incident management teams and how incident team members can be assessed using competencies. 

You get a new job and have been hired by organisation X to roll out business continuity within the company. You have just completed the crisis team exercise; luckily, it’s a small business with only one plan and one incident management team, so you can relax. It has been a struggle, but after a year, you have finally achieved going round the business continuity lifecycle once - job done. You take a holiday, planning to come back and start round the lifecycle again, by reviewing the BIA. As you go away, you feel that the organisation is better prepared to manage an incident, as you now have the plans in place and they have been exercised.

My first question in this bulletin is, just by carrying out an exercise, does that mean that the team are prepared to manage an incident? Secondly, have you put any measurement or matrix in place to determine the team’s level of preparedness? Thirdly, have you stated the level of knowledge or competence each team member should be at, in order to assess whether they are at the required level?

In looking at team effectiveness, we at PlanB Consulting have developed an Incident Team Performance Assessment, where we measure the team’s performance against six different criteria, as shown in the diagram above. For each of the criteria, there are sub-criteria the team are assessed against. 

We use the assessment to show the performance of the team. Having done several of these, we can show their performance against the industry average. By assessing the team each time, they take part in the exercise and we can show whether the team is improving or getting worse. The model and the criteria was developed by myself, using academic rigour, as well as taking the criteria from a number of different sources. However, it is still a PlanB Consulting assessment rather than a recognised standard.  

We as a company don’t assess individuals, but I think we should have a level of competence that managers of the teams should reach. I think if we use a standard which they should reach, rather than having an individual assessment; it works better with individual team members. We like the individuals to self-assess themselves against the standard as well, so it is a personal choice with regard to what level they feel they are at. I also think this works well for teams which have deputies for every role. Instead of assessing the team, which is effectively half of the people in the team, if we look at individual competencies, we can ensure that all members of the team are up to the required standard.

There are some competency standards out there for management of incidents. The two I know of, although a little old, are those produced by the Emergency Planning Society and Skills for Justice. I have failed so far to find a really good set of ‘official’ competencies for those who have a role in an incident management team. When developing my incident competencies, I concentrated on hard knowledge, rather than softer skills. I think your own softer skills are more difficult to self-assess and my own theory is that individuals are on the team due to their job role, rather than their incident management soft skills.

In working with a recent client, I have set the following set of competencies for each manager of the incident management team:

1. To be able to judge when the plan should be invoked and how to call out the incident management team.

2. Recognise the different roles within their incident team and be able to demonstrate familiarity with their designated role.

3. Recall how their team fits within their organisation's incident management hierarchy and how an incident would be managed across the organisation.

4. To be able to manage an incident, making use of a team agenda and to carry out horizon scanning, situational awareness and the management of information.

5. To be able to recall the importance of communications during an incident and be able to construct a communications matrix for a given scenario.

6. Demonstrate familiarity with all sections of their plan.

7. Be able to describe the recovery strategies of the plan including where to locate the relevant RTOs and the resources required.

As you can see, I have written them in the style and language of learning objectives. I am not sure how different that is to competencies!

So, my questions to readers are, do you use competencies for assessing the level of preparedness for incident team members, or do you use something else, and if you use something else, what is it? Secondly, do you know of a 'recognised' set of competencies which we can all use?

You might be interested in the following stories

Love your Incident Management Support Team!

Crisis Management Lessons

Cyber Incident Management and how it is different…

You may be interested in the following course

BCI Incident Response and Crisis Management course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
What lessons can we learn from Marriott’s response to their Cyber Breach?

This week Charlie discusses the Marriott hotel hack and how you can prepare your organisation for a potential data breach.

7 December 2018

“James [McAlister] was a truly fantastic tutor. Incredibly knowledgeable and passionate. Superb.”

Richard Hardwick
Hyperion Insurance Group
View further testimonials