Estimated reading time: 7 minutes
A cyber security or safety incident happens and is reported. What now? This article guides you to proper incident management via a digital incident management process that helps you learn and lower the risk of future incidents.
At this point we assume that you know Why every company needs and incident management system and How you set up incident reporting for lower IT and HSE risk. Now we’ll guide you to setting up your digital incident management process that can help you operationalize it using Gluu’s BPM tool as an example.
The big question is how you handle incidents, while minimizing disruption to operations. In many cases incidents are managed in a random way from case to case. This leads to poor documentation about what really happened. It also increases reputional risk. If something goes wrong and there is no sufficient documentation, then there is no trail to prove that each case was handled correctly.
What if you could run a water-tight digital process each time that would leave an accurate trail of activities behind? You actually can. Let me show you how.
”If you can’t describe what you are doing as a process, then you don’t know what you are doing.”
W. Edwards Deming
Before starting I realized that our incident management process must standardize how each incident is:
Based on the article “How to do simple process mapping”, I’ve created a process named “Manage IT security incident.” The intended outcome is simple: “Incident has been logged, analysed and preventive measures has been taken.”
To do this I just…
👉 Recommendation: Map your overall flow by adding activities to swimlanes to show WHAT is done and by WHO. Wait with explaining HOW work is done.
I then added the necessary instructions to each activity. This is to make it easier for the employees reporting incidents – and ensuring that everything is done correctly.
I then added tasks to each activity.
👉 Recommendation: Make your instructions short and concise and use tasks to highlight the most critical work since this will make it measurable.
The task for ‘Register incident’ is to fill in a form that I created in Gluu. This form will collect all necessary information about the incident, such as:
The form is access and use directly from a browser or on the phone, so employees can quickly report incidents without any hassle.
I then create process variations to make different flows for each incident type. This decides the sequence and dependencies in each flow so our incident management process will run the right way every time.
👉 Recommendation: Create an overall incident management process and then handle each incident variation as a template. This way you avoid duplicate work instructions and keep the process number low.
With a process, instructions, task and case templates ready then any employee can report incidents by starting cases. They are then automatically logged and a report can be generated for each incident, just like in this example:
This was just a quick example of how you create a digital incident management process. A full view of the corresponding ‘playbook’ is available for you below:
Download a sample IT security incident management process in playbook format with work instructions (created with Gluu).
In conclusion, incident reporting is nothing without incident management. For this you need an incident management process. This can be established easily with a tool such as Gluu as I have outlined in this article.
Here’s some inspiration on how to draw your own:
Ensuring you get the right level of support is crucial when setting up an incident management process. Gluu offers a comprehensive range of support options, making sure you’re never left without guidance. From providing initial software setup and ongoing technical support, to giving advice on best practices, Gluu helps you every step of the way. They also offer dedicated training programs to ensure your team is equipped to handle the system and feel confident in using it.
The timeline for implementing an incident management process using Gluu’s framework can be surprising. The exact duration will depend on the complexity of your organization and the processes involved. However, thanks to Gluu’s intuitive design and user-friendly interface, businesses can typically see their systems live and operational in a matter of weeks rather than months. Plus, Gluu’s expert support team is there to expedite the process wherever possible.
Adjusting to company growth and change is not a problem for Gluu’s incident management system. It’s designed with scalability in mind, meaning it can easily adapt to expanding or altering operations. Whether you’re adding new departments, onboarding more employees, or even branching into new areas of business, Gluu’s system can grow alongside you. This makes it a flexible option for businesses that anticipate future development and expansion. Gluu provides flexible settings to manage user permissions, workflows, and reporting structures that align with your company’s changes. Furthermore, because it’s a cloud-based software, you’re not limited by physical infrastructure constraints. This allows for easy scalability and adaptability to the changing dynamics of your organization.
In a move aimed at revolutionizing its retail processes, PEPKOR, a leading conglomerate, has announced…
In a stride toward accelerating the global transition to a zero-emissions energy supply, Gluu has…
In this webinar, we will discuss and give you an introduction to the main product…
In this webinar, we will introduce Gluu's services to help Process Excellence Teams in organizations…
Studies show that most ERP implementations fail. A consultancy analyzed more than 1,000 projects and…
Join our webinar and find out how you clearly differentiate your D365 implementation business -…