How to Write an Incident Management Checklist

Jan 2, 2020
What would happen to your company if it lost $3.92 million in an instant?

That’s the average total cost of a data breach in the United States and a grim reality that occurred more than 1,200 times in 2018. In addition to cyber threats, there are also myriad incidents that could threaten the security and future of your company, including natural disasters and other physical hazards.

Are you prepared to weather these kinds of storms? Unless you have a dedicated incident management checklist in place, the answer is likely “no.” Creating one doesn’t require a significant investment of time. Still, it could make all the difference when you’re faced with the unexpected.

Read on to learn how to create a comprehensive incident management checklist that can help make sure your teams are as protected as possible.

Why Do I Need an Incident Management Checklist?

No organization, regardless of size, is immune from external threats, which can range from hackers to hurricanes.

However, small businesses are even more susceptible to these perils, as many lack the infrastructure required to fortify their workplace against them proactively. In fact, research shows that nearly 70% of SMBs experience a cyberattack every year. 

They’re also hit harder by natural disasters. Thirty-five percent of companies that operate in FEMA-designated disaster areas report revenue losses of more than $25,000 after such an event.

An incident management checklist won’t shield your company against all losses. Nor will it make it entirely impenetrable to external assaults. What it will do is give your employees a clear path to follow when the worst happens. Knowing how to react is critical to minimizing losses and regaining as many assets as possible.

Creating Your Plan, Step by Step

Looking at a blank screen and unsure how to craft an effective incident response plan? Resist the urge to follow the path of many business leaders and use a cookie-cutter template that isn’t specific to your organization. Recent reports reveal that most companies rely on generic documentation devoid of actionable items, rendering the entire effort fruitless.

While the checklist below can serve as a starting point for your plan, remember that it’s essential to customize it to fit your needs. In addition to protecting your IT infrastructure and data security, your plan should also include steps to take in the event of a natural disaster or another physical incident.

That said, let’s take a look at the steps to follow when you’re ready to create your incident management plan.

Step 1: Establish Ownership and Authority

Before you begin to write your actual checklist, you must first decide who will be in charge of it. To help make your decision, focus on employees who meet the following criteria:

  • They have been trained in incident management and workplace safety and security.
  • They have access to the tools and technology required to manage the incident.
  • They are positioned to provide quick and effective incident response. 

In addition to appointing one or two business leaders as guardians of the plan, you should also involve your executive team members in its development. Their approval and buy-in are critical to the performance of the plan and should not be overlooked.

Step 2: Set Roles and Contacts

Next, you’ll identify everyone who could be involved in your organization’s incident response process. Include employees across different departments, such as:

  • Executive team
  • Customer support 
  • Legal support
  • Technical support
  • Public relations
  • Finance
  • Human resources

List each person by name and clearly define his or her role. Now is not the time to make broad assumptions or generalizations. Spell out how an incident could affect these employees, and how they’re expected to respond. 

Step 3: Determine Alternative Communication Methods

What happens if an intense storm sweeps through and knocks out your phone lines? What if a hacker gets into your network and you’re unable to communicate over the internet?

A lack of access to traditional technology could significantly impact your organization, so it’s important to have alternate communication methods in place. Create a list of people that you’ll need to contact as soon as an incident occurs, such as technical responders.

Then, make sure you have online and offline methods in place to get in touch with them as soon as possible. Only having their telephone number and nothing else could hinder your ability to notify them in the future.

Step 4: Identify and Confirm the Incident

Once you’ve taken care of preliminary details, you’re ready to define the actual steps that your organization will take if an incident occurs. Your first step is to identify and confirm the incident.

Keeping in mind that your process should be specific to your company, most plans will include steps that cover:

  • Incident identification
  • Incident reporting
  • Incident tracking (all sources and times of occurrence)
  • Incident analysis (initial source, type, impacted assets, location, scope)

Based on this data, your response team can identify the overall impact of the incident on your business.

Step 5: Contain the Incident

Once you confirm that a threat is present, you can take quick action to help mitigate the damage it will cause. At this juncture, you’ll have two choices: watch the threat or contain it.

To help you decide which course of action to take, you can assess the impact of the threat by asking:

  • Which systems are affected?
  • Has any sensitive data been stolen?
  • Has any mission-critical hardware been destroyed?
  • Does the incident carry any legal ramifications?

If you decide to pursue containment, you may need to contact local law enforcement authorities, especially if the impact will affect other organizations.

Step 6: Eradicate Impacted Systems

When responding to a cybersecurity incident, you can mitigate its impact by restoring your systems to their pre-attack state. This helps shut down a hacker’s access to your accounts and networks. Common steps include:

  • Patching your systems
  • Closing network access
  • Resetting the passwords of compromised accounts

Step 7: Recover and Restore Systems

Once the incident has passed, you need measures in place to recover and restore as many of your lost assets as possible. It might take some time to regain the integrity, confidentiality, and availability of your systems, but the effort is necessary.

Moving forward, you can use your incident identification and confirmation process outlined above to monitor and continuously detect incidents in the future. 

The Integrated Business Continuity Solution You Need

What if your company could prepare, protect, and respond to any incident, from anywhere in the world? With our platform, it can.

This all-in-one cloud platform helps business leaders manage incidents, enable mass emergency notification, and plan for business continuity, all from their preferred device. In essence, it allows you to take your incident management plan on the road, ensuring constant access to the resources you need to stay afloat.

Contact us today to learn more about how the app works and discover the other ways we can help your business stay in business.
