We’ll be at Ethisphere’s 2024 Global Ethics Summit in Atlanta, April 22-24. Learn more about the show here.


To Be Effective, Your Incident Management Program Should Include These 6 Steps

To Be Effective, Your Incident Management Program Should Include These 6 Steps

Every incident management program should start with a well-written policy and end with comprehensive analysis.

Imagine you wake up one day and your organization's systems have been breached, exposing thousands of customers' personal data.

Or, you enter the office, only to find it ransacked, with hundreds of company laptops gone.

Or, a productive and well-liked employee is injured on the job, leading to a weeks-long leave from work.

Does your company have a plan for dealing with issues like these?

A well-defined incident management program keeps chaos at bay when an issue arises. With a set policy, investigation method and analysis process, you can better address immediate problems as well as prevent future incidents, protecting both employees and your organization.

Jump to a section:

Do you have a clear, concise incident response plan?

When an incident occurs, your workplace could descend into chaos if you don't have a plan. Employees need guidance and clear steps to follow. Download our free incident response plan template to get started.

Get the Template

1. Clear Incident Management Policy

Even the smartest incident management program won't be effective if you don't communicate it well. That's why the most important aspect of a program is its accompanying policy.

Your incident management policy should outline the steps of your program in a clear, concise and organized way. This document explains how employees at each level and/or department should respond to different types of incidents so everyone knows their responsibilities when an incident occurs.

A strong incident management policy should include the following sections:

  1. Purpose: What does your organization hope to achieve with this policy? How can applying it help employees, customers and partners?
  2. Scope: Who must follow this policy? What types of incidents does it cover? Where does it apply (e.g. office, work sites, remote/home offices, business travel, etc.)?  To what tools, equipment, systems or other company property does it apply?
  3. Incident classifications and responses: Describe the types of incidents your organization might face. Then, outline roles, responsibilities, reporting procedures and maximum response time for each. You might also classify the incident types according to urgency level and define a response plan for each level, rather than each type.
  4. Drills and testing: Explain how you will test employees on their response to each incident type and/or urgency level. How often will you run these drills? Who will conduct the drills and assess the outcomes?
  5. Policy review: Who is responsible for reviewing this policy? How often will it be reviewed? Outline the review process for a post-incident review as well as a scheduled review.

RELATED: How to Write an Incident Management Policy

2. Reliable Intake

You can't manage incidents if you don't know about them.

For instance, say you have noticed ink cartridges, bags of coffee and other expensive items have been going missing from the supply closet. Your office has no security cameras, so you don't know where to start when investigating the disappearance.

When Lance was chatting with his coworker, Penny, he spotted a tote bag full of office supplies under her desk. He wants to report her, but isn't sure if his company has a tip hotline. As a result, the theft goes unsolved for another year until Penny moves on to a position at another company.

Even with the best detection systems, you could be missing incidents entirely or allowing them to escalate. Without a strong intake mechanism to capture tips and complaints, you can't get an accurate picture of the risks your organization faces.

To instantly boost your incident management program's effectiveness, establish reliable, robust systems for receiving tips and complaints. These could include a hotline, dedicated email address, paper forms and/or webform.

Communicate to employees where to find and how to use each mechanism. Emphasize the importance of speaking up when they have a complaint or concern. An open workplace culture paired with easy-to-use reporting systems make employees more likely to report issues, helping you detect and prevent incidents.

Case IQ's incident management software captures every incident, instantly creating a case file so nothing falls through the cracks. Learn how it can streamline your intake and assignment process here.

3. Organized Emergency Response

Does your incident management program lay out first response steps?

Whether you're dealing with an injury, a cyberattack or theft, you need to react quickly, yet thoughtfully. An effective program explains the steps every employee should take in the event of an incident so the workplace doesn't descend into chaos.

For each incident type, describe how to fix the immediate problem. For example:

  • Cyberattack: employees designated in your program should disconnect networks and/or systems to prevent further damage
  • Employee illness or injury: administer first aid, call ambulance, fix or remove source of injury
  • Theft: call authorities, log missing inventory

After you've responded to the incident, you might need to report it to relevant bodies.

Workplace injuries and near misses must be reported to OSHA (or CCOHS in Canada). Data breaches require different reports depending on what data you hold and where you're located. These reports are based on regulations from the GDPR, FERPA, HIPAA, CCPA, PIPEDA in Canada and more.

Build compliance into your incident management program by including reporting in your response plan. For each type of incident, ensure employees know:

  • Their compliance responsibilities
  • Reporting deadlines
  • What forms or formats to use and what information to include in the report
  • Who/where to report

Incident management software with built-in forms and integrated reporting ensures compliance with OSHA and other regulators. Download our free eBook to learn how.

4. Thorough Investigation Process

The effectiveness of your incident management program relies heavily on your investigation process.

A slow, unorganized process leaves room for errors in the investigation and repeat incidents in the future. For each incident type, clearly define:

  • Who investigates incidents? How do you choose the investigative team?
  • What physical evidence do you need? Who will collect it and how?
  • Will the investigators need to consult outside experts (e.g. accountant, IT expert, lawyer)
  • Who will conduct interviews with witnesses and the victim (if applicable)?
  • How and where will they conduct these interviews?
  • Who will analyze the incident and how?
  • Who is responsible for submitting the investigation's findings to stakeholders (e.g. management, victim, accused person)? How will they do it?

While some of these answers may change from one investigation to the next, having a general plan in mind streamlines the process. Everyone can jump right into their roles to ensure a swift resolution.

Keeping everything organized and on-track can be tough, especially for complex investigations or large teams. Set up a centralized repository for evidence. Investigators won't have to waste time searching for information and you won't accidentally lose important data.

To improve your investigations, look for incident management software with a centralized database. This allows teams to collaborate securely, ensuring a thorough, compliant investigation that doesn't sacrifice privacy.

5. Detailed Reporting

At the end of an investigation, management expects a complete, detailed report of the findings.

If investigators submit a sloppy, rushed or biased report, no one benefits from the investigation. An accused person could be punished for something they didn't do. The investigative team might not identify the real root cause of an incident, so the same issue happens again.

For instance, say Brian works for a landscaping company. He falls off a ladder while trimming a tall hedge and fractures his wrist. The investigators determine that rain had caused Brian to slip and fall. However, after recovering, Brian falls again a few months later.

If the investigators had been thorough, they would have found that Brian was never trained on proper ladder usage, which was the root cause of both falls. Management then could've trained Brian and other new employees, preventing Brian's second fall and other future ladder-related accidents.

You can't have an effective incident management program without careful investigation reports. Knowing the who, what, where, when, why and how of the incident will help you focus your preventive efforts. But if you miss or leave out important insights, you put employees, clients and/or customers at risk.

6. Thoughtful Incident Analysis

The final step of your incident management program should focus on prevention. You want to find out why the incident occurred and what you can do to ensure it doesn't happen again.

Incident analysis starts with creating a timeline of events that led up to the incident. Use evidence (e.g. records, interviews) to objectively gather information about what occurred right before the incident.

Next, conduct a root cause analysis as a team. Identify all the contributing factors of the incident, then ask why each one happened. Repeat this process until you uncover a weakness or flaw in one of your policies or procedures.

Then, study historical incident data to find trends. Ask:

  • Does one incident type occur frequently?
  • Do incidents (in general or of a certain type) happen more often in a certain office/worksite/location?
  • Are there employees that are often involved with incidents?

Using case management software with a trend analysis tool can make this step much faster and easier.

RELATED: How to Conduct an Effective Incident Analysis

Finally, use the results of your root cause analysis and trend reporting to make a CAPA (corrective and preventive action) plan. Decide on corrective actions that will eliminate the incident's root cause so it doesn't happen again. Then, choose preventive actions that stop incidents before they start.

For example, if an employee was injured when working with a broken piece of equipment, the corrective action you'd take is fixing the equipment. A preventive action might be to schedule more regular maintenance on all equipment.

Or, if an employee was caught stealing, the corrective action would be to install security cameras and the preventive action would be updating your employee anti-fraud and theft training.

A thorough incident analysis process is more effective. To boost your prevention (and ensure you're not missing any key steps), download our free incident analysis checklist

Workplace incidents happen, no matter what industry you work in or what size your company is. A well thought out incident management program, though, helps you keep incidents, and the damage they do, to a minimum.