Quality management (QHSE)

How to set up your incident management process

Estimated reading time: 5 minutes

A cyber security or safety incident happens and is reported. What now? This article guides you to proper incident management via a digital incident management process that helps you learn and lower the risk of future incidents.

At this point we assume that you know Why every company needs and incident management system and How you set up incident reporting for lower IT and HSE risk. Now we’ll guide you to setting up your digital incident management process that can help you operationalize it using Gluu’s BPM tool as an example.

The case for a digital incident management process

The big question is how you handle incidents, while minimizing disruption to operations. In many cases incidents are managed in a random way from case to case. This leads to poor documentation about what really happened. It also increases reputional risk. If something goes wrong and there is no sufficient documentation, then there is no trail to prove that each case was handled correctly.

What if you could run a water-tight digital process each time that would leave an accurate trail of activities behind? You actually can. Let me show you how.

”If you can’t describe what you are doing as a process, then you don’t know what you are doing.”

W. Edwards Deming

Step 1: Map your incident management process

Before starting I realized that our incident management process must standardize how each incident is:

  • reported with necessary data.
  • prioritized and escalated.
  • contained and corrected.
  • analyzed for prevention.
  • prevented from happening again.

Based on the article “How to do simple process mapping”, I’ve created a process named “Manage IT security incident.” The intended outcome is simple: “Incident has been logged, analysed and preventive measures has been taken.”

To do this I just…

  • added a swimlane per role involved.
  • added the activities of the process.
  • connected the main activities to show the ideal flow.

👉 Recommendation: Map your overall flow by adding activities to swimlanes to show WHAT is done and by WHO. Wait with explaining HOW work is done.

Step 2: Add instructions and tasks to each activity

I then added the necessary instructions to each activity. This is to make it easier for the employees reporting incidents – and ensuring that everything is done correctly.

I then added tasks to each activity.

👉 Recommendation: Make your instructions short and concise and use tasks to highlight the most critical work since this will make it measurable.

The task for ‘Register incident’ is to fill in a form that I created in Gluu. This form will collect all necessary information about the incident, such as:

  • Date and time.
  • Location.
  • Description of the incident.
  • Name and contact information of the person reporting the incident.
  • Any evidence of the incident, such as photos or documents.

The form is access and use directly from a browser or on the phone, so employees can quickly report incidents without any hassle.

Example incident reporting form in Gluu

Step 3: Prepare your process flow to run

I then create process variations to make different flows for each incident type. This decides the sequence and dependencies in each flow so our incident management process will run the right way every time.

👉 Recommendation: Create an overall incident management process and then handle each incident variation as a template. This way you avoid duplicate work instructions and keep the process number low.

Step 4: Run your flow and improve continuously

With a process, instructions, task and case templates ready then any employee can report incidents by starting cases. They are then automatically logged and a report can be generated for each incident, just like in this example:

This was just a quick example of how you create a digital incident management process. A full view of the corresponding ‘playbook’ is available for you below:

Download a sample IT security incident management process in playbook format with work instructions (created with Gluu).


In conclusion, incident reporting is nothing without incident management. For this you need an incident management process. This can be established easily with a tool such as Gluu as I have outlined in this article.

Here’s some inspiration on how to draw your own:

Tor Christensen

Recent Posts

How D365 partners can go from projects to ongoing services

https://www.youtube.com/live/lhPrjcAoMt4?si=mKA__T1oxftmFAW8 Join us on Tuesday, February 27, at 3:00 PM CET Join our webinar and…

1 month ago

2023 Product Highlights: A Business Benefit Overview

In this new year's special, you'll get an overview of the key features that we…

2 months ago

2024 Product Roadmap: What are we planning?

https://www.youtube.com/watch?v=BbxA9mCWXeA Join us on Friday, February 23, at 2:00 PM CET Gluu delivers Business Process…

2 months ago

Four great process improvement examples (to learn from)

Discover four compelling process improvement examples that offer valuable insights and lessons to learn from.

2 months ago

Lean process improvement: Removing the waste

Learn how to streamline your business operations and improve efficiency with lean process improvement techniques.

2 months ago

Process improvement process steps: An introduction

Discover the essential steps to enhancing your company's efficiency with our comprehensive guide to process…

2 months ago