
guide / February 10, 2023

How to build an effective incident management process

Incidents in the workplace come with somber statistics. Half of the mass shootings noted in a new National Threat Assessment Center report happened in a workplace. Meanwhile, a recent study published in the American Journal of Preventive Medicine found that one in three healthcare workers was physically threatened during the COVID-19 pandemic. Businesses cannot control all the events leading up to an incident, but having a thoughtful incident management process can both save lives and minimize disruptions to your operations.

This article will walk you through how you can build an effective incident management process step by step. But first, let’s define incident management.

What is incident management?

Incident management is a series of protocols your team will follow in response to an incident. It’s important to note that an incident doesn’t have to be an emergency. Any disruption to day-to-day operations, like a power outage, a tree falling in the parking lot, or one of the security cameras failing, is considered an incident because you’ll need to take steps to remediate the situation before things can return to normal.

An incident management process consists of creating protocols, building an incident management team and equipping them with modern incident management hardware and software tools.

Step 1: Draft a modern incident management policy

An incident management policy is your guide for the unexpected and a vital part of your incident management process. This document categorizes incidents and outlines all the protocols your incident management team will follow in detail. While some incident management policies only pertain to cybersecurity events (these policies are sometimes called “information incident management policies”), it’s crucial to consider any physical threats your organization may face and include them in your policy.

Components of an effective incident management policy

Your incident management policy should be tailored to the needs of your organization. That being said, most thorough incident management policies will include these elements:

  • Statement of purpose: This is a brief summary of the protocols contained in your policy and how they are to be used. For an example of the layout and language usually used in a statement of purpose, take a look at page 4 of CSU Northridge’s incident management policy.

  • Definitions of terms and an outline of scope: This section explains to which employees the policy pertains, who is involved and the kinds of incidents the policy covers (cybersecurity, active shooter, fire, et cetera). Most policies will also come with a glossary of common terms.

  • Roles and responsibilities: You’ll need to designate a chain of command and provide the names, titles and contact information for members of your incident management team.

  • Classification of incident types: Incidents covered in your policy will need to be classified in some way so the policy is easier to read and implement. Some organizations classify by severity of the threat (level 1, level 2 and so on) but may also categorize the incident by type (cybersecurity, intruder, technical/equipment failure).

  • Comprehensive policies and procedures for incident response: This section is the ‘meat’ of your policy. Once you have the framework components down, you’ll need to come up with a set of procedures your team will follow in response to every incident described.

For an example, take a look at the incident management policy from Texas A&M International University or this one from Northwell Health. Writing an incident management policy is probably the hardest step in developing an incident management process flow. The good news is once you have a roadmap in place the rest of your planning process will be much smoother.

To learn more about how to create an incident management policy for your team, read How to Draft a Modern Incident Management Policy.

Step 2: Create an incident management team

The members of your incident management team will respond to and document incidents, collect evidence, communicate with law enforcement and help you plan for potential threats. You may have an in-house incident management team or hire a corporate security service, or perhaps your team will be a combination of staff and contractors. 

Either way, your incident management team should know how to:

  • Escort others to safety (evacuation)

  • Neutralize a threat (including a violent intruder)

  • Assist with non-emergency incidents (equipment failures, power outages)

  • Maintain a trail of evidence and document all incidents in an incident management system

How to set up your incident management team for success

Aside from the typical onboarding training, make sure your team is getting continuous education and staying up to date with any developments in the corporate security industry. A few must-have practices to implement: 

  • Clear reporting structure: Your team members need to know their chain of command by heart; if a true emergency comes up, there may be little time for questions or hesitation.

  • “Thou shalt know the codes”: Emergency codes, action plans and evacuation procedures all should be a part of your team’s ongoing training. It’s natural to forget something if you don’t repeat it every day, but since the point of incident management is to be prepared, make sure these vital instructions remain at the forefront.

  • Monthly security assessments: Conduct regular security checks on your premises to catch any vulnerabilities (e.g. broken locks).

  • Equipment and safety training: Incorporate equipment inspection and training into your quarterly or monthly security assessments to aid with retention.

  • Get the right tools: Equip your team with up-to-date hardware and software tools that cut down on administrative tasks and increase accountability.

Want to learn more about building a strong incident management team? Read 7 Best Practices to Teach to Your Incident Management Team.  

Step 3: Find the right tools for your incident management process

The right hardware (security cameras, body-worn cameras, drones) and a robust incident management system can save your team valuable time during investigations and evidence collection.

What is an incident management system?

An incident management system is a software solution used to document, track and manage data about incidents. It helps security teams stay accountable and spend less time on tasks like video transcriptions and redactions. It can also help with:

  • Monitoring and assessment: An incident management system can store footage from security cameras, allowing you to analyze incidents and discuss prevention strategies.

  • Incident identification: Your security officers can monitor building access remotely and identify a potential security breach as soon as it occurs.

  • Categorization: Just like in your incident management policy, an incident management solution should let you categorize incidents in the system by severity or event type.

  • Investigation: Features like auto-transcription and redaction (we’ll talk about those in the next section), chain of command and evidence collection help your team investigate in the aftermath of an incident. 

  • Incident resolution: Once an incident is resolved, you should be able to securely archive it in your system for future reference.

To learn more about what incident management systems do, read What Is an Incident Management System?

Key features of great incident management software

Here are some features to look for when shopping for an incident management solution:

Customizable user permissions

Administrators on your team should be able to customize access to different files and parts of the incident management system. This feature is particularly important for active investigations that involve law enforcement and require extra care around confidential information.

Data encryption

Encryption for data at rest and in transit is an absolute must-have for an incident management solution. Losing evidence or access to key documents can cause compliance issues and interfere with the investigation not only for you but for law enforcement agencies who require your data.


Auto-transcription

Transcribing interviews from video and audio files is standard procedure in incident management, but it can be tedious and prone to human error. A solution with an auto-transcription feature can take care of most of the work, allowing your team to focus on more impactful tasks.

Automated redaction tools

Redacting license plates, bystander faces and any other personally identifiable information from video is a required privacy measure, but just like with transcription, it takes time. The best incident management systems will automatically detect and cover or blur any sensitive information in video files.

Audit trails

Audit trails help you gather evidence, reconstruct what happened and follow compliance processes. An incident management system can help you establish an audit trail by keeping a record of every sequential step taken to resolve an incident. This can help with the investigation and help protect you against legal action down the road.

For a full list of must-have features for incident management software, read How to Find the Best Incident Management Software: 7 Must-Have Features.
