Understanding Incident Management
Knighthood helps customers select the best level for their needs.
Enhanced
- All major security incidents are managed in accordance with the emergency or crisis management plan.
- All security investigations are subject to independent or semi-independent review.
- Regular research is conducted into measures for preventing and managing incidents as part of the continuous improvement program for processes and systems, which includes working with external experts.
- Internal and external security environments are monitored to identify issues that might affect the appropriate response in an incident. Any improvements to processes are made accordingly.
Managed
- Mechanisms are in place to record, respond to, escalate and evaluate security incidents. These mechanisms are communicated clearly and the consequences are defined.
- Employees and relevant service providers are aware of what a security incident is, how to respond, and who to notify.
- The correct external agencies are contacted in a timely manner when needed.
- There is a comprehensive, consistent and responsive approach to incident management across the organisation and a defined hierarchy of response and escalation triggers.
- Security incidents and suspicious activities are consistently recorded, tracked and investigated.
- Root cause and trend analyses are conducted to inform practice improvements.
- Incident drills and exercises are performed with employees to improve responses and any learnings are fed into policy and process reviews.
- Incident management is integrated with business continuity programs and health and safety regimes.
- Security requirements are specified to external suppliers.
- Reports of incidents are reviewed to assess the response, and any resulting improvements are implemented promptly.
- Executives and management receive information on security incidents, the measures taken to fix them, and any actions taken.
- Employees are encouraged to report security incidents and feel comfortable doing so. All reported incidents are managed appropriately.
- Information about significant security incidents is communicated to employees.
- Employees are aware of the consequences of serious incidents, particularly if security policies have been deliberately bypassed.
Basic
- Measures to monitor, detect, respond to, and manage security incidents are loosely defined, with limited central oversight, control or tracking.
- Limited awareness of the types of security incidents and their likelihood.
- Employees understand what to do in the case of an emergency, such as a bomb threat or ‘white powder’ incident.
- Employees are encouraged to report security incidents, but the level of comfort in doing so varies by group or location.
Informal
- No structured or consistent approach to detecting, responding to, and managing security incidents, and limited support from security specialists.
- No defined or communicated expectations for reporting security incidents.
- Security incident management responsibilities are unclear; response to an incident might be delayed while responsibilities are assigned.
- Security infringements and incidents are generally ignored.