Incidents happens, and the key is to learn from them and gain knowledge. Once reported you can identify, analyse and prevent the same incidents from happening again. In this article we will provide you with brief intro on incident management and how it can help your company.
Estimated reading time: 6 minutes
Imagine you are at the office and have just left a meeting. You grab a cup of coffee on the way back to your desk, and you hear down the corridor: “I slipped on the stairs – again!”.
Or it may also be this slightly odd e-mail, where you receive a “thank for your help”-mail regarding an invoice you never approved.
There is lots of situations where an incident management system is a really good idea. But there are pitfalls along the way and you need avoid, in order to reap the benefits ahead of you.
“System” does not mean “IT system”
Before we begin it is important to emphasise that neither the ISO standards nor the ITIL collection of best practices requires that you implement an IT system. A “system” should be interpreted as a body of knowledge that helps the organisation towards the desired goal of improving the business within a certain field (IT security, HSE etc.).
An IT system is just a convenient way of implementing the processes and best practices.
According to ISO 27001: “This International Standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving…“. Not a word on a requirement for a specific IT system.
Having, using and improving the processes is “system” enough. Buying an IT system specifically for incident management is potentially a waste of money, as it is the processes that deserves the center stage.
With that in mind. Let’s dive in.
Benefits with incident management
- Prevent incidents from becoming accidents (where it’s really going to be costly)
- Ensure legal compliance or mitigate contractual obligations – in which case you don’t have a choice
- Ensure that incidents never happen twice
- Quickly restore production to normal
- Understand, learn and share your knowledge leveraging the productivity of the entire company
Potential problems without incident management
- Loss of income
- Delays in operations
- Product failures
- Data breaches
- Injuries and accidents
Challenges of incident management
What kind of challenges can you expect, when you start implementing an incident management system?
Do you have enough data to fully analyse and prevent future incidents?
What happened? And what happened just before? Any pictures? Log files?
Lack of content, data and surrounding knowledge about the situation can make it harder to analyse and find a solution for the same thing not to happen again. To help the reporting, you can make clear accessible work instructions along with a form that collects the required amount of data.
It is too difficult!
This comes in many flavours (often in the form of an excuse) Make sure that everyone knows that you have a reporting tool – and where to look for it. Ensure that everyone has access to it. And make it crystal clear what kind of information is needed for the report, you don’t get the whole picture of the incident.
When reporting is uphill, there is a high risk that it will not be done.
If incident reporting is your main concern, please find our in depth article on the topic here.
Can an incident management system really fit to our organisation?
Gluu’s platform and management system is straightforward and intuitive to work in and you can customize the process flow to fit any organisation.
How can incident management software help you?
Whether you are a small business or a large corporation, an incident management system will help you increase productivity and strengthen operations.
Here is a few bullets on how incident management software can help you:
Ensure correct reporting of incidents
First step is to report the incident. Without that nothing else matters. It will be a help for you to have uniform templates and make your report in a digital process platform, that all employees have access to – and knowledge about.
When you work with reporting in an incident management system, you can document to stakeholders and partners, what has happened.
When you do incident reporting in a digital process platform like Gluu, all instructions and reports are stored in one place. You will no longer spent time finding incident reports in different software systems or departments in the company. In this way Gluu makes it easier to store all work instructions and reporting in one place.
Speedy recovery – getting back on your feet
Incidents and breakdowns can cause delays in the production and operations. And they can cause confusion and take time, if the organisation do not know how do handle them. Who is responsible for taking action and find a solution? And what will you do to ensure that it will not happen again?
First of all you have to stop it, prevent it from doing more damage and get back into to normal mode.
A good incident management software can also help to describe how to recover, restart or refill your machinery, so you can get back in business as quickly as possible.
Analyse, learn, mitigate, repeat
Once you have a clear understanding of what happened (and the immediate problem has been handled) you need to understand the cause. There are lots of brilliant tools for finding the root causes, but very often people move on, as the immediate problem has been solved. The fire has been put out – why care?
Ideally your incident management system contains a clear process for data collection, analysis and corrective actions etc. can force everyone involved to put in the work needed to truly ensure prevention.
Improve how you improve
In Gluu we have examples of you can work with incident reporting and management. If you encounter new situations or variations from your current best practice you can easily just add the new knowledge to you existing process, thus ensuring that you are as ready as possible for next time.
Check out our process platform.
What’s a business process documentation tool?
It helps with the important work of recording, mapping and explaining the ongoing processes occurring in an organisation. Be that a process for arranging a foreign sales trip, hiring a new CTO or managing the annual staff Christmas party. The point is to ensure you understand the process – the flow of work – that needs to be done. For this, you need a process diagram – ideally connected with work instructions in the form of video, images and files easily accessible from it. It adds a lot of value as this process documentation case study shows.
Improving is an ongoing process
Gaining new knowledge is not a “one off”. When you start reporting the incidents and analyzing what caused the issues you will see that you initial process might not cover everything or that your analysis, mitigation, recovery parts can be improved.
Once you realise, what caused the incident and what solved it, you need to make improvements such as:
- Improving the incident reporting process
- Employee training courses in cyber security
- Improvement of work environment
- Improved onboarding of new employees
- Regular IT system check
- Maintenance plans
A “system” is something you choose the size and shape of: A system of neatly organised post-ITs is also a “system”. The important part is that you have a structured process that you can improve upon (in a Plan-Do-Check-Act cycle). The “IT system” is just a great way of sharing, maintaining, documenting etc.
To learn from your experiences on a company level. You can more easily prevent similar incidents to reoccur if you log and learn from old ones.
1) Make sure that everyone is aware that you have a system (via training, onboarding)
2) Make the system widely available
3) Describe how to report correctly and – most importantly – make it very simple to report