In his latest blog for Infologue, First Security’s John Briggs looks at the development of incident management systems and how these can be used to create a unified and effective company-wide security process.
Incident management is a critical component in the delivery of effective security services and a key element in measuring a security provider’s performance. Such measures can include how quickly incidents are responded to and how effectively the team is trained to undertake this response.
An incident can be classed as anything from a fire or flood through to theft from an area of a building. This means that the monitoring processes will vary and there will be a variety of desired outcomes.
By implementing an incident management system, organisations can be assured that when an event occurs both the security team and relevant employees are aware of which processes to follow and who to inform; to ensure that the situation is managed promptly and to an agreed standard.
There are now a variety of incident management software systems readily available, each designed to collect consistent, time sensitive, documented incident report data. This means that that once an event has occurred, the systems in place can be reviewed and amended as appropriate to ensure that the processes followed are as effective as possible.
However, as with any management system, the initial set up is critical along with a robust method for data entry, to ensure that the information provided is of maximum benefit in either preventing or minimising the risk of future incidents.But how do you begin? The key is to work with the customer.
Start by discussing which are the most likely incidents to occur and what solution needs to be reached. On day one it might not be possible to have a process established for every event, but it is possible to plan for generic incidents and then update the system as other incidents occur.
Assign step-by-step instructions to ensure that the process is followed thoroughly and consider the immediacy with which information needs to be communicated. A good system will automatically send notifications, assign tasks and escalations to appropriate individuals depending on the incident type, priority, time, status and custom criteria.
By incorporating such a system, incident management is made simpler through automation. The possibility of human error is minimised, leaving the security provider with the opportunity to be more effective in the management of the incident procedure.
Additionally, clients can be assured that incidents will be managed to the highest level of competence with the minimum amount of disruption.
Opinions expressed by contributors and commentators do not necessarily reflect the views of Infologue.com or Interconnective Limited.