Bad things will happen

How you react to them, and whether you manage them or they control you, is a matter of planning, but no one likes to plan for a risk becoming an issue.

Risk Registers are built and Controls are put in place to control the risks. A control, however, only reduces a risk rather than eliminating it completely. There is still a possibility of the events in the risk actually occurring. It is a common failing to believe that identifying a risk and associating a Control with it makes the risk disappear.

Planning for a Controlled Risk actually happening often feels like a worthless activity, and so there is little effort or enthusiasm in performing it. There is also a view that says “We don’t know what will happen (if we did we’d have stopped it happening), therefore we can’t plan for it.” This is largely true, but a general structure and roles in addressing an event can be established.

The aim of an incident response plan is to reduce the opportunity for chaos, enabling a business to recover as quickly as possible and to reduce the losses.

What is in the plan?

  • Pre-agreed Roles and Responsibilities.
  • How the Incident Team is triggered.
  • Who owns the Incident.
  • The support they can call on: Technical and Security experts, Media Relations, Property and Transport.
  • How the Team will Communicate, both between the members of the team and with other stakeholders.
  • What records they will keep.
  • What authority they have.
  • What limitations they will have on funding and resources.

Doesn’t this sound similar to a Business Continuity and Recovery Plan?
