Quality management (QHSE)

How to set up your incident management process

Estimated reading time: 7 minutes

A cyber security or safety incident happens and is reported. What now? This article guides you to proper incident management via a digital incident management process that helps you learn and lower the risk of future incidents.

At this point we assume that you know Why every company needs and incident management system and How you set up incident reporting for lower IT and HSE risk. Now we’ll guide you to setting up your digital incident management process that can help you operationalize it using Gluu’s BPM tool as an example.

The case for a digital incident management process

The big question is how you handle incidents, while minimizing disruption to operations. In many cases incidents are managed in a random way from case to case. This leads to poor documentation about what really happened. It also increases reputional risk. If something goes wrong and there is no sufficient documentation, then there is no trail to prove that each case was handled correctly.

What if you could run a water-tight digital process each time that would leave an accurate trail of activities behind? You actually can. Let me show you how.

”If you can’t describe what you are doing as a process, then you don’t know what you are doing.”

W. Edwards Deming

Step 1: Map your incident management process

Before starting I realized that our incident management process must standardize how each incident is:

  • reported with necessary data.
  • prioritized and escalated.
  • contained and corrected.
  • analyzed for prevention.
  • prevented from happening again.

Based on the article “How to do simple process mapping”, I’ve created a process named “Manage IT security incident.” The intended outcome is simple: “Incident has been logged, analysed and preventive measures has been taken.”

To do this I just…

  • added a swimlane per role involved.
  • added the activities of the process.
  • connected the main activities to show the ideal flow.

👉 Recommendation: Map your overall flow by adding activities to swimlanes to show WHAT is done and by WHO. Wait with explaining HOW work is done.

Step 2: Add instructions and tasks to each activity

I then added the necessary instructions to each activity. This is to make it easier for the employees reporting incidents – and ensuring that everything is done correctly.

I then added tasks to each activity.

👉 Recommendation: Make your instructions short and concise and use tasks to highlight the most critical work since this will make it measurable.

The task for ‘Register incident’ is to fill in a form that I created in Gluu. This form will collect all necessary information about the incident, such as:

  • Date and time.
  • Location.
  • Description of the incident.
  • Name and contact information of the person reporting the incident.
  • Any evidence of the incident, such as photos or documents.

The form is access and use directly from a browser or on the phone, so employees can quickly report incidents without any hassle.

Example incident reporting form in Gluu

Step 3: Prepare your process flow to run

I then create process variations to make different flows for each incident type. This decides the sequence and dependencies in each flow so our incident management process will run the right way every time.

👉 Recommendation: Create an overall incident management process and then handle each incident variation as a template. This way you avoid duplicate work instructions and keep the process number low.

Step 4: Run your flow and improve continuously

With a process, instructions, task and case templates ready then any employee can report incidents by starting cases. They are then automatically logged and a report can be generated for each incident, just like in this example:

This was just a quick example of how you create a digital incident management process. A full view of the corresponding ‘playbook’ is available for you below:

Download a sample IT security incident management process in playbook format with work instructions (created with Gluu).

Conclusions

In conclusion, incident reporting is nothing without incident management. For this you need an incident management process. This can be established easily with a tool such as Gluu as I have outlined in this article.

Here’s some inspiration on how to draw your own:

Frequently Asked Questions

What levels of support does Gluu provide when setting up an incident management process?

Ensuring you get the right level of support is crucial when setting up an incident management process. Gluu offers a comprehensive range of support options, making sure you’re never left without guidance. From providing initial software setup and ongoing technical support, to giving advice on best practices, Gluu helps you every step of the way. They also offer dedicated training programs to ensure your team is equipped to handle the system and feel confident in using it.

How quickly can an incident management process be implemented using Gluu’s framework?

The timeline for implementing an incident management process using Gluu’s framework can be surprising. The exact duration will depend on the complexity of your organization and the processes involved. However, thanks to Gluu’s intuitive design and user-friendly interface, businesses can typically see their systems live and operational in a matter of weeks rather than months. Plus, Gluu’s expert support team is there to expedite the process wherever possible.

How scalable is the Gluu system if my company expands or changes its operations?

Adjusting to company growth and change is not a problem for Gluu’s incident management system. It’s designed with scalability in mind, meaning it can easily adapt to expanding or altering operations. Whether you’re adding new departments, onboarding more employees, or even branching into new areas of business, Gluu’s system can grow alongside you. This makes it a flexible option for businesses that anticipate future development and expansion. Gluu provides flexible settings to manage user permissions, workflows, and reporting structures that align with your company’s changes. Furthermore, because it’s a cloud-based software, you’re not limited by physical infrastructure constraints. This allows for easy scalability and adaptability to the changing dynamics of your organization.

Tor Christensen

Recent Posts

How a large retailer uses processes in its ERP implementation

Join us on Wednesday, October 23, at 3:00 PM CEST ... and common mistakes and…

1 week ago

Gluu Fall 2024 Product Roadmap

Introducing Gluu's 2H 2024 product roadmapGluu delivers Business Process Management for People. This means real…

1 month ago

Custom fields, RACI and powerful AI

In this webinar, we introduced the main new features and improvements released in Gluu during…

1 month ago

Dynamics 365 Implementation Checklist

Estimated reading time: 9 minutes Embarking on a Dynamics 365 implementation requires a strategic shift…

2 months ago

How to create an S&OP dashboard in PowerBI using data from Gluu

Gluu tracks task and case progress that shows how work progresses (or where it stops).…

2 months ago

How to avoid ERP implementation failure

70% of all ERP projects fail. How can yours avoid the most common pitfalls?Join this…

4 months ago