4 things you MUST address in your incident management policy

by:
Dan Simms
on:
November 27, 2019 3:42 PM

 

Our run down of best practices for what to include in your incident management and communication policy - including who should be told, the information that should
be provided and when updates should be
issued.

 

 

1. Who should be told?

 

One of the first things you must address in your incident management and communication policy is who should be told or notified during an incident. It is a good idea to break this down further by the type or level of incident, for example a major incident might need to notify more senior member of the team. 

 

It should also be noted that it's useful to put a timescale on this initial communication too. Those who are currently affected by the incident should be notified immediately when a major incident occurs but since proactive communication is usually better received during an incident, consider adding further timescales for notifying those who may be affected in the future. 

 

It is important to consider all stakeholders in the communication policy. This includes internal users within the service provider, business users, third party users, end customers, business owners and perhaps external agencies and authorities.

 

 

2. What information should be provided?

 

You should always include guidelines within your incident communication policy on the information you're providing during an incident. Make sure that the information you give is concise, and helpful or informational.

 

It should also be made clear as to when the next update will be given, as this will reassure your colleagues, team members, pupils or clients - so in your incident communication policy you may want to consider guidelines on your update timescales. 

 

During incidents of an IT natural, you should always avoid a purely technical response. It's also important to remember that even if a major incident happens and you don't have the full details, resolution or work-around - you should still notify your colleagues, team members, pupils or clients immediately. 

 

 

3. What medium should be used?

 

The obvious medium to use when an incident happens may be email, but it's important to consider that there needs to be alternatives available depending on the circumstances. It should also be considered in your incident communication policy as to whether remote workers or those that aren't screen facing should receive notifications through alternative communication channels. 

 

 

4. How to validate, confirm and notify closure?

 

You should of course also consider how your team validates, and confirms closure of an incident - and how this is then distributed to your colleagues, pupils and clients. Clearly the application of a workaround or temporary fix should be communicated to stakeholders but you should detail in your documented incident management policy as to when to close the incident. 

 

No longer is it as simple as broadcasting the circumstances of the incident, a fit-for-purpose major incident communication policy should include all of the details listed above, including who should be notified and how, along with updating information and closing an incident. 

 

Want to learn more? Download our FREE ultimate guide to incident communication now.