Avengers, Assemble! Roles and Responsibilities of Your Incident Management Team

March 16, 2023

We all know the storyline.

A fictional villain with a nefarious plan attacks and gains the upper hand. All seems lost until a team of heroes steps in and saves the day. This same scenario plays out in the real world of corporate security. Your incident management team plays the superhero standing by to fight threats to your company’s overall safety, whether to its people, places, or assets.

What is an incident management team, anyway?  

Incident management is the process a company follows to handle unplanned risk events like security breaches, accidents, workplace violence, or on-site robberies. It’s impossible to make your incident management process happen without a skilled incident management team with clearly defined roles and responsibilities. Much like each hero has a unique role on the Avengers’ team thanks to their powers, every member of your incident management team (IMT) is essential to its operations and success.

An incident management team is a group of individuals within an organization who are responsible for managing and responding to any incidents or emergencies that may occur. An experienced incident management team can quickly identify and respond to an incident or emergency, minimizing its impact on the organization and reducing the disruption to its operations.

In situations where there is a threat to the safety and security of employees, customers, or assets, your incident management team can take swift action to ensure everyone is safe and secure. Effective incident management responsibilities include clear communication that keeps stakeholders informed and up-to-date with accurate information. Your incident management team may also need to coordinate necessary resources for incident response, including personnel, equipment, and supplies.

After an unwanted event, an incident management team can conduct a post-incident review to identify what worked well and what didn’t, and use that information to improve its incident management processes in the future. Ensuring your IMT holds the essential positions listed below means when a physical security battle does come, your team can fight cohesively and utilize their collective strengths to provide the strongest defense. Though the people on your IMT may shift depending on the nature of the incident the team is responding to, here are five roles, responsibilities, and core functions critical to your incident management success.

4 critical incident management team roles and responsibilities

1. Incident management team lead

The team lead (sometimes also called an incident manager) is responsible for a given incident response effort from end to end. They drive and coordinate incident response activities, delivering information or deciding on the best course of action on behalf of your IMT. Just like a jury establishes a foreman to speak for the people on it, having your team lead speak for the whole team makes communication more efficient.

Establishing a clear IMT leader empowers other team members to focus on their parts of the incident response and resolution process. It also clarifies that someone is clearly overseeing the process and keeping them focused on the goal at hand. When you fill this position first, you also establish a clear chain of authority and responsibility. This gives other departments in your larger company confidence that someone owns the incident response process.

Characteristics your incident management team lead should have:

  • Proximity to your facility or base of operations (for maximum visibility into the incident and what can be done to address it)
  • Experience with operations directly related to the team or department experiencing the incident (so they have the knowledge to make informed decisions and, if needed, support why they made them)
  • Excellent listening and communication skills (so they can accurately inform and update team members, and guide direction)

2. Investigative lead

Though their role isn’t public like the team or PR lead (more on this below), an investigative lead is heavily involved in the entire incident response process. They’re responsible for case management or collecting and analyzing information about the risk events to prevent future ones. The investigative lead typically works with other analysts to find the root causes of the incidents (optimally through incident management software) and recommends system, service, and business recovery options.

Your incident management team can’t effectively respond to incidents without an investigative lead to provide a clear understanding and interpretation of the actual risk event, so you can brainstorm and implement viable solutions and action plans for preventing or mitigating future events like the one experienced.

Characteristics your investigative lead should have:

  • Proximity to your facility or base of operations (for maximum visibility into the security incident and to better work with your incident management team lead and investigative assistants)
  • Experience with operations directly related to the incident at hand (so they know how to dig into potential problems and understand possible solution pathways)
  • Attention to detail and problem-solving skills (so they can examine the incident from all angles and look beyond apparent roadblocks to find hidden problems)

3. Incident reporting and documentation lead

An incident reporting and documentation lead helps your incident management team create a clear trail of events. With someone in charge of tracking the timeline, your security team can quickly address current and future risk events. Primary responsibilities of an incident reporting and documentation lead include what the job title implies: investigation and discovery of an incident and documenting what the IMT does about it. Beyond documentation and reporting, this person owns the chronology of the incident process and keeps the rest of the team working toward a timely resolution.

This person is less involved at the beginning (identification and analysis) stages of incident response. However, they’re central to its back-end success and are generally in charge of officially closing an incident — marking its resolution — after the investigation is complete.

Characteristics your incident reporting and documentation lead should have:

  • Relevant technical expertise (to anticipate and advise steps required for resolution)
  • Knowledge about the industry or technical requirements (to understand the legal requirements that must be followed during compliant incident resolution)
  • Excellent communication skills and an analytical mind (for accurate and thoughtful reporting)

4. Communications/PR lead

Your incident management team’s communications or public relations (PR) lead prevents information silos and keeps the incident team and leadership informed, so that it can work successfully toward incident resolution and minimize possible damage to your company brand. They handle communications with the team, public, board, and other stakeholders to protect your public image during the incident response process. The communication or PR lead also aids management through clear internal communication assistance, to minimize the impact on overall performance and efficiency. The communications lead, the only core IMT member that likely doesn’t have a technical or security background, gets involved immediately after the incident has been discovered and is publicly engaged through to the incident close.

Characteristics your communications/PR lead should have:

  • A location likely at company HQ or operations base (for more direct communications and to protect your company image during press communications or photo opportunities)
  • Calm presence in a crisis (so communications are clear and well delivered)
  • Excellent interpretive skills (to take a variety of sources/styles and create a positive, cohesive message)
  • Network of media contacts to help facilitate the flow of communication about the incident once a narrative has been agreed upon

5. Legal advisor

The final core incident management team member, the legal advisor, also leads the de-escalation of events to help your company recognize and address potential criminal charges the incident might cause. The legal advisor is involved throughout the incident response process and guides procedure and direction as needed to ensure you stay compliant.

A capable advisor should understand appropriate guidelines for incident response and encourage the team to follow them by sharing potential consequences of non-compliance.

Characteristics your advisor should have:

  • Access to both legal and company resources (to inform and advise proceedings within compliance)
  • Framework expertise (to understand the various frameworks and how to act appropriately in them)
  • Company knowledge and rapport (to gracefully navigate the complexities of incident resolution)

How Resolver arms your incident team with the right tools

Even the strongest team of incident management superheroes is limited without resources to help them save the day. If you’re still relying on outdated tools and manual processes to address modern threats to your corporate security, there’s an easier way.

Incident management software helps your entire IMT work proactively and with agility by using our technology to its advantage. Resolver’s incident management solution automates the incident and investigative process to mitigate losses and reduce the number and severity of incidents by streamlining incident submission, automating triage and workflows, and expanding reporting to show the impact of what you do.

Want to learn more about how Resolver could fit into your IMT planning? Tom Newman, Port Administrator at Manzanillo International Terminal (MIT) in Panama, shares his experience of how Resolver’s incident management software helped provide meaningful risk and security data to reduce incidents to personnel, property and cargo. “I believe our success directly relates to how we embrace change as an organization,” Newman says. “We were up and running with Resolver in just four months. Our case management and incident management is much improved, and we are now looking at risk in terms of mitigation and implementing controls. Just like putting on a seat belt when driving.”
