This week, Charlie discusses why using a simpler incident response model is better suited for clients.
For a long time, I have been working on developing and refining a framework for responding to and managing incidents. The framework has to be simple, as those who are going to use it will likely have limited training, and it has to be flexible to ensure that it can cope with a wide range of incidents. There are a number of good incident management processes already in existence. The two which I am most familiar with, are the UK Police National Decision Model, and the British Army Orders Process. Both are tried and tested processes for managing incidents, but I have always felt that you would need a high level of training to use them successfully. I have always worked on the principle that senior managers are likely to give you 2-4 hours of training and exercises per year, and so the tools and techniques you teach them during this time have to be simple and easy to use.
Figure 1: The incident management process we teach at BC Training.
Situation – This is where we gather information and conduct situational awareness so that we have an understanding of the events that took place during the incident, what actions others were carrying out, the attitude of our key stakeholders and who is taking an interest in the incident. We also check whether our previous actions have been successful or if we need to adjust our response.
Direction – This is where the incident team get together, shares the information, and then makes the decisions.
Action – This is where the team implement the agreed upon action and then communicates with the stakeholders.
We also teach, that within our response you should take into account a number of elements (Figure 2) when making a decision, and deciding how to respond to the following:
- We respond in line with our organisation's purpose and values.
- We take into account others’ views which could be internal staff, or external stakeholders, such as regulators.
- If we have stated objectives for this incident then we should work towards them.
- We should also work on any plans or procedures we have in place relevant to this incident.
Figure 3: Police National Decision Model.
As you can see the Police National Decision Model is more complex than our Situation – Decision - Action Model, and that’s why we don’t suggest to our clients that we use this model. One of the aspects I do like in this particular model is the idea of developing a working strategy, and I think this should be written into our process for managing incidents.
I think a key action to be added to plans is the action in box two of the National Decision Model “assess threat and risk and develop a working strategy”. It’s good incident management practice, that when faced with an incident to do a dynamic risk assessment to better understand the incident, and the possibility of how it might progress. If we look at the best, most, and reasonable worst case scenario this can give us an idea of how the incident might progress and what actions we might have to take to prevent the worst case from happening. This covers the “assess threat and risk”.
When we “develop a working strategy”, this is where we decide our approach to managing the incident, and how we are going to deal with the consequences of it. Incident teams may do this naturally, but I think it’s a good idea to formally include it in the incident management steps, so that how the incident will be managed is formally considered. When the working strategy is developed, existing plans and procedures have to be taken into account. If we have plans or procedures for this incident then we should follow them. All too often in exercises, we have seen teams ignore the plans and make up their own response as they go along. If the existing plans in place don’t fit the incident, then this should be formally decided upon and logged. The development of a working strategy should be carried out in the direction incident management process, and should be included within the team’s agenda. Once the working strategy is in place and agreed it can be adjusted to the needs of the incident.
So in conclusion, within all plans there should be an incident management process which is simple and can be followed by those with limited training. One of the steps in the process, should be to develop a working strategy by considering what we know about the incident and the possible risks. This strategy should also take into account our existing plans and procedures if they are relevant to the incident. By having a robust framework for managing an incident, we then give ourselves the best chance of successfully managing an incident.