Gluu

workers in a factory

Blog / Quality management (QHSE)

Why Every Company Needs an Incident Management System

Tor Christensen
By
Last updated on 13/10/2024

Estimated reading time: 9 minutes

Incidents happen and the key is to learn from them. Once reported you can identify, analyse and prevent the same incidents from happening again. This article is written for operations leaders to get a brief intro to incident management and how it can help a company.

Imagine you are at the office and have just left a meeting. You grab a cup of coffee on the way back to your desk, and you hear down the corridor: “I slipped on the stairs – again!”.

Or it may also be this slightly odd e-mail, where you receive a “thank for your help”-mail regarding an invoice you never approved.

There is lots of situations where an incident management system is a really good idea. But there are pitfalls along the way and you need avoid, in order to reap the benefits ahead of you.

What is incident management?

Incident management is about managing incidents in a systematic way. So an Incident Management System is a structured approach to effectively respond to and mitigate unexpected events or crises. It involves processes, tools, and personnel coordination to assess, prioritize, and resolve incidents efficiently. IMS typically includes incident identification, reporting, response planning, resource allocation, and communication protocols. It is crucial in various fields, such as emergency response, cybersecurity, and IT, to minimize disruptions, ensure safety, and restore normal operations swiftly. IMS promotes organized, coordinated actions to manage and learn from incidents, ultimately enhancing preparedness and resilience.

“System” does not mean “IT system”

It is important to emphasise that neither the ISO standards nor the ITIL collection of best practices requires that you implement an IT system. A “system” should be interpreted as a body of knowledge that helps the organisation towards the desired goal of improving the business within a certain field (IT security, HSE etc.).

An IT system is just a convenient way of implementing the processes and best practices.

According to ISO 27001: “This International Standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving…“. So there is not a word about the need for a specific IT system.

Having, using and improving the processes is “system” enough. Buying an IT system specifically for incident management is potentially a waste of money, as it is the processes that deserves the center stage.

With that clarified. Let’s dive into its benefits.

Try Gluu for free

Sign up for a 30-day trial.
No credit card required.

Depiction of a person distributing information

Benefits from an incident management system

In short, incident management lets your company…

Risks from not having an incident management system

If you don’t have a structured way to manage incidents then risks such as…

  • Delays in operations
  • Product failures
  • Data breaches
  • Injuries and accidents

… may be higher than if you use such a system. This means higher cost and operational risk.

Incident or accident?

Challenges when starting with incident management

What kind of challenges can you expect, when you start implementing an incident management system?

Not having the right data to analyze and prevent future incidents

What happened? And what happened just before? Any pictures? Log files? 

Lack of content, data and surrounding knowledge about the situation can make it harder to analyse and find a solution for the same thing not to happen again. To help the reporting, you can make clear accessible work instructions along with a form that collects the required amount of data.

Incident reporting is too difficult

Make sure that everyone knows that you have a reporting tool – and where to look for it. Ensure that everyone has access to it. And make it crystal clear what kind of information is needed for the report, you don’t get the whole picture of the incident. 

When reporting is uphill, there is a high risk that it will not be done.

So to address such data challenges you should design your incident management system around these:

5 incident management best practices

Whether you are a small business or a large corporation, an incident management system will help you increase productivity and strengthen operations. Here is a few bullets on how incident management software can help you:

#1 Ensure correct reporting of incidents

First step is to report the incident. Without that nothing else matters. It will be a help for you to have uniform templates and make your report in a digital process platform, that all employees have access to – and knowledge about.

When you work with reporting in an incident management system, you can document to stakeholders and partners, what has happened.

When you do incident reporting in a digital process platform like Gluu, all instructions and reports are stored in one place. You will no longer spent time finding incident reports in different software systems or departments in the company. In this way Gluu makes it easier to store all work instructions and reporting in one place.

Try Gluu for free

Sign up for a 30-day trial.
No credit card required.

Depiction of a person distributing information

#2 Speedy recovery – getting back on your feet

Incidents and breakdowns can cause delays in the production and operations. And they can cause confusion and take time, if the organisation do not know how do handle them. Who is responsible for taking action and find a solution? And what will you do to ensure that it will not happen again?

First of all you have to stop it, prevent it from doing more damage and get back into to normal mode.

A good incident management software can also help to describe how to recover, restart or refill your machinery, so you can get back in business as quickly as possible.

#3 Analyse, learn, mitigate, repeat

Once you have a clear understanding of what happened (and the immediate problem has been handled) you need to understand the cause. There are lots of brilliant tools for finding the root causes, but very often people move on, as the immediate problem has been solved. The fire has been put out – why care?

Ideally your incident management system contains a clear process for data collection, analysis and corrective actions etc. can force everyone involved to put in the work needed to truly ensure prevention.

#4 Improve how you improve

Gaining new knowledge is not a “one off”. When you start reporting the incidents and analyzing what caused the issues you will see that you initial process might not cover everything or that your analysis, mitigation, recovery parts can be improved.

Once you realise, what caused the incident and what solved it, you need to make improvements such as:

  • Improving the incident reporting process
  • Employee training courses in cyber security
  • Improvement of work environment
  • Improved onboarding of new employees
  • Regular IT system check
  • Maintenance plans

In Gluu we have examples of you can work with incident reporting and management. If you encounter new situations or variations from your current best practice you can easily just add the new knowledge to you existing process, thus ensuring that you are as ready as possible for next time.

#5 Manage risk without closing the business

The cure must not be worse than the problem and therefore you must consider how do you find the point where lowering the risk further can not be justified from a business perspective?

We describe this is by a principle called ”ALARP” (As Low As Reasonably Practicable), and although the term originates in safety management, the concept is an essential one for all forms of risk management:

Conclusions

An incident management system is the structured approach to delaying with incidents. It is not about software but about how you analyse and learn from each incident and prevent that it can happen again. Preventing incidents mean lower business risk and hereby lower long term costs.

The main challenge with having an effective incident management system is getting the right data. For this to happen incident reporting must be easy and effective.

I hope you found this overview useful and suggest the following articles to dive deeper into the topic:

Incident Management System FAQs

What is meant by an incident management “system”

A “system” is something you choose the size and shape of: A system of neatly organised post-ITs is also a “system”. The important part is that you have a structured process that you can improve upon (in a Plan-Do-Check-Act cycle). The “IT system” is just a great way of sharing, maintaining, documenting etc.

Why is it important for the company to report incidents?

To learn from your experiences on a company level. You can more easily prevent similar incidents to reoccur if you log and learn from old ones.

How can I ensure that people use my system?

1) Make sure that everyone is aware that you have a system (via training, onboarding)
2) Make the system widely available
3) Describe how to report correctly and – most importantly – make it very simple to report

You might also like ...