Incident Management Team

Has your organization created and implemented an Incident Management (or Response) Team?
If so, who makes up your team in terms of position within the organization?

I'm just looking to spur some discussion on the matter ;).

I would say that most of the organizations we encounter do not have a functional IRT, which is sad.

Comments

RE: Incident Management Team

Right now we don't have an IRT, but I want to create one in the future. At my last job we tried to make an IRT, but had problems with the IT Dept. They don't want to announce incidents to management. This is the Russian way to work with incidents. :-)
Nuikin (Lively) at 4/13/2011 8:24:11 AM

RE: Incident Management Team

Most of the companies (80+%) that we start work with don't have formal IRTs, but even scarier is that 70+% don't even have formal incident response procedures!

It sounds like information security was handled as an IT issue at your last job, based on the fact that the IT department was able to deter the creation of an IRT. This is too bad. Information security is not an IT issue.
Evan@FRSecure (Lively) at 4/16/2011 12:27:05 PM

RE: Incident Management Team

The IRT is made up of representatives from Technical, IT, Business, Legal and PR.
LucyM (Lively) at 5/6/2011 8:32:41 AM

RE: Incident Management Team

The Incident Management process focuses on resuming service interruptions as quickly as possible, so that there's minimal impact on business. As it is handled by the front-line staff who are close to the incident, the team is composed of computer operators, service desk personnel and internal users.
When the incident cannot be resumed in the defined time per severity level, then a second level support will be called on to take up the recovery work.
HonPSuen (Social) at 6/5/2011 9:43:55 AM

RE: Incident Management Team

Our organisation is revenue based and business continuity is critical. Service outages are costly. The incident response team at our organisation comprises a service desk who handle, record and offer first line support. There is a 2nd level support and third level who work on recovery of systems to ensure business continuity and minimise impact of outage. The business is represented by the business automation officers. In the team there is the manager who mostly coordinates the escalations.
EVA956 (Lively) at 2/3/2012 12:52:48 AM

RE: Incident Management Team

In most Samsung branches, they have an IRT. Originally each Samsung branch has an Information System team. It plays the role of the Incident Management team. Before 2000, it was just a System Management team, but after Samsung introduced ITSM, it became more functional. They rebuilt the IS team into an ITSM organization. There were a lot of difficulties, because there was also a small Information Team. In that case it might not be proper for the whole team to make an ITSM organization. So recently there is a simple ITSM organization for a small team.
Won (Lively) at 2/20/2012 5:50:57 AM

RE: Incident Management Team

Hi all, this is an interesting question. I have seen IRTs well established, and it was achieved through building a solid team with a collaborative spirit. As we would prefer incidents or major incidents not to happen, we also have them as limited (hopefully, they are limited) opportunities to test our maturity as an organization to respond to and resolve incidents. In general terms, I would outline 4 roles (or 3 if resources are limited):

1) Technical owner: looking directly into the matter, or liaising with external support looking into the issue.
2) Business owner: someone representing the business or end-users impacted, so we make sure we are aware of the real impact, and how it progresses from the end-user perspective.
3) Communications: I would split internal from external communications, and if possible, would have 2 persons wearing these hats:
3.1) Internal communications: Liaison between the technical owner and help desk. Any development of the incident is typically detected by the help desk, so this role is to validate, consolidate and simplify information going through the technical owner. This role is quite sensitive, as the route of resolution may change based on the information provided.
3.2) External communications: Liaison with the business owner or representative of the end-user. This person should be a 'translator' of the IT world to end-users, therefore, should receive information from the 'internal comms' person and format the message to be applicable and understandable by the business.
Reyna Ramirez (Lively) at 11/10/2014 7:59:07 PM

RE: Incident Management Team

My last couple of jobs (15yrs) has been in-depth incident management:

Monitor the Production Environment
Establish High (Partial outages) and Critical (total outages) availability or performance
Maintain Escalation lists for oncall to pull onto an established "bridge - phone"
Create the "Ticket" and the Major incident Message (MIM)
Later on you can use a Whiteboard / Online collaboration to help keep notes of the incident. We use a standard template to fill out. Upon completion upload the document to a Problem ticket
Executive Summary (Easy to read non-technical) sent after the bridge to the stakeholders of the different business units.
Critical tickets are worked by a small team of service management (we review the results/tasks)
High tickets are worked through by the Engineer/Tech leads.
Root Cause and Permanent resolution is the goal.
You have to have Executive Mgmt to support the business case that a well functioning Incident Management process will improve Availability and Performance.
Rob954 (Lively) at 1/2/2015 4:23:49 PM

RE: Incident Management Team

Yes, and we do have an Emergency Response Team.
Shruti Kulkarni (Energizer) at 1/19/2015 10:05:05 AM

RE: Incident Management Team

Is a cyber security incident dealt with separately from other incidents?
-adnan- (Influential) at 5/21/2015 6:13:10 AM

RE: Incident Management Team

"Yes, and we do have an Emergency Response Team."
Shruti Kulkarni at 1/19/2015 10:05:05 AM
AdamPC (Lively) at 6/9/2015 10:39:24 AM

RE: Incident Management Team

"Is a cyber security incident dealt with separately from other incidents?"
-adnan- at 5/21/2015 6:13:10 AM
I am in the process of developing a security-specific Incident Response Plan using the NIST SP 800-61r2 framework. Are there any additional resources I should consider?
AdamPC (Lively) at 6/9/2015 10:42:47 AM

RE: Incident Management Team

An Incident Response Team is in place for my current organisation (especially for West Africa) and my role plays a key part in the planning and mobilization. Cases where the team was very useful were the Ebola case in West Africa and the Presidential election in Nigeria. Unfortunately, extensive use is yet to be enjoyed due to the early control of major incidents. But to us, the planning stage remains critical as incidents often happen with little or no notice.
Adeola (Social) at 8/19/2015 10:04:45 AM

RE: Incident Management Team

We do not have an IRT but we are in the process of coming up with an incident management policy which will then mandate the need for well-defined and documented incident management procedures, and within the procedures, incident management roles (IRT included) shall be specified. However, I may still need guidance on how to measure the effectiveness and performance of this team, coming back to the need for metrics.

Helly263 (Energizer) at 11/11/2015 2:39:43 AM