Part 7: Incident Action Lists v2

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Jump to navigation Jump to search
Click to know more
BL-CC-5 Click to know more

Part 7: Incident Action Lists

This section contains action points for a crisis scenario (situations).

These action points are not exhaustive nor will all of the points be appropriate in every circumstance. They are intended to assist in formulating detailed plans for specific crisis scenarios.

Sample Incident Action List

Crisis Scenario: Extortion

Action Steps (Before Crisis)

The Team should:

  • Consider advising the appropriate law enforcement agencies and regulators.
  • Consider making a holding reply to gain time.
  • Obtain information on the person/ organization making the request, if possible.
  • Assess the credibility of the demand and the feasibility of the perpetrators being able to carry out their threats within any time scale set.

Action Steps (During Crisis)

Whilst making the assessment:

  • Do not respond further to the initial approach
  • Improve security/protection of the assets being threatened
  • Prepare for further approaches
  • Consider the following options:
  • Payment: full demand or negotiated settlement
  • Resist: refuse to pay, leave the threatened assets/area, or allow the attack to take place and security reaction to take its course
  • Remove: appear to negotiate whilst organising an arrest operation with law enforcement agencies.

In extortion situations tight security must be maintained in all aspects of planning and when deciding policy and intention.

Sample Plan Content

Preparation

Risk Control

Employees at all levels have a role to play in eliminating and reducing the exposure to crises by ensuring that they comply with policies and standards in areas such as operational risk, security, and health and safety.

Planning

  • CC Team Coordinator is responsible for producing, maintaining and validating the CC Plan
  • Plans should be tailored to meet the particular needs of the business and will include matters such as Crisis Management, Business Continuity and IT Disaster Recovery.
  • Team members should be named and specific responsibilities should be allocated in these plans.

Threat Monitoring

The Premises Manager is responsible for monitoring environmental threats and for providing a warning of impending crises. The responsibility for monitoring business threats lies with the appropriate Functional Heads in conjunction with the Manager.

Training and Evaluation

The manager is responsible for devising and implementing a crisis management training and evaluation programme in conjunction with the Senior Management.