Recognize, react and respond.
Continuity Planning is the process of recognizing events that
will affect the business, reacting appropriately to those events, and then
responding to resume operations as quickly as possible. Events can range from
public relations missteps, internal or external security breaches, natural or
unnatural disasters, terrorism, unintended privacy violations, unexpected
financial situations and a host of other conditions that interrupt normal
Incident Management process transcends the conventional thinking that
pigeonholes problems and solutions according to their cause and instead focuses
on the enterprise and its need to function well in the face of adversity
regardless of the cause. It is only when the planning is defined and conducted
to handle Incident Response, Contingency and Continuation, and Disaster Recovery
that Incident Management is in operation.
conventional wisdom has been to assign responsibility for incident management
based on the cause and the potential impact. Therefore, natural disasters were
within the domain of risk management while security breaches were assigned to
the technologists and the legal department handled privacy breaches. This
conventional wisdom increased the cost of Incident Management and prevented
optimal utilization of existing corporate resources and capabilities.
Responsibility is shared across the enterprise.
Today’s connected, global and distributed
enterprises have recognized that all incidents share the same need for
recognition, reaction and response. Therefore, they have lowered costs and
increased effectiveness by including all incidents within a single overarching
Incident Management methodology. While responsibilities for specific actions,
including detailed plans and test routines still fall to the appropriate
department, the overall process and plan benefits from sharing corporate
It is almost a certainty: Every major company will face a
significant incident within three years. A global Incident Management
methodology will lessen the effect of that incident on the corporate brand,
image and revenues. No longer do we look at incidents as earthquakes or
tornados, hackers or corporate espionage, terrorism or sabotage. Today, an
incident can be any one or more of these, or can be something as simple as an
accounting error that requires rebuilding and reestablishing financial
baselines. It can be something as important as a breach of privacy that reveals
private information about corporate customers.
Any incident can cause corporate
harm; every incident is less harmful if you see it coming.
Any incident can cause corporate harm; every incident is less
harmful if you see it coming. Incident Management is about getting prepared so
that you can see an event coming, mitigate the harm beforehand, and respond
quickly and effectively so you can get on with business.
the return on investment (ROI) for conventional Disaster Recovery or Business
Contingency Plans was difficult because it relied on probabilities of events
occurring and likelihood of impact on operations. These small probabilities were
not conducive to persuasive presentation or analysis.
Incident Management does not
rely on low probability events for calculating ROI.
Incident Management does not rely on probabilities because the
set of events encompassed by Incident Management occur with regularity and
predictability. Incident Management includes not just disasters, but normal
business occurrences that must be handled on a regular basis.
Events included within Incident Management include normal
business migrations as well as system outages. They include security or privacy
breaches caused by normal errors as well as those brought on by hacker attacks.