Incident Management

Incident management is the structured approach to handling unexpected events that affect business operations, safety, security, or compliance. It encompasses the full lifecycle from detection through resolution and post-incident review.

Incident management lifecycle:

• Detection and reporting: Identifying that an incident has occurred and logging it
• Triage and classification: Assessing severity, priority, and impact
• Escalation: Notifying appropriate stakeholders based on severity
• Investigation: Understanding what happened, how, and why
• Containment: Taking immediate steps to limit the impact
• Resolution: Implementing the fix or workaround
• Recovery: Restoring normal operations
• Post-incident review: Learning from the incident to prevent recurrence

Incident classification typically uses severity levels:

• Critical (P1): Major business impact, system down, data breach, safety incident
• High (P2): Significant impact on operations but workaround available
• Medium (P3): Moderate impact with limited disruption
• Low (P4): Minor issue with minimal business impact

Key incident management considerations:

• Clear roles and responsibilities (incident commander, communications lead, technical lead)
• Defined escalation paths and timeframes
• Communication plans for internal and external stakeholders
• Regulatory notification requirements (WHS, NDB, APRA, etc.)
• Evidence preservation for investigation and potential litigation
• Root cause analysis and corrective action tracking

Post-incident review (blameless retrospective):

• Focus on systemic causes rather than individual blame
• Document findings, lessons learned, and corrective actions
• Track corrective action completion
• Share learnings across the organisation