The role of an incident commander: Real-time crisis control
Summary
The incident commander is the decision maker when an incident strikes. They create the incident action plan, which is crucial for controlling incidents quickly once they occur. In this piece, we’ll explain the role and responsibilities of an incident commander and why having an incident action plan is crucial to keeping operations running at all times.
When an emergency occurs, you call 911 and wait for first responders to arrive. These individuals are trained to tackle emergencies—all while staying calm and collected. Company incidents, like data breaches or labor strikes, usually aren’t concerning in terms of physical safety, but they also require immediate attention because of the impact they can have on your company’s bottom line.
In this piece, we’ll explain the role and responsibilities of an incident commander and why having an incident action plan can be crucial to keeping operations running at all times.
What is an incident commander?
The incident commander is responsible for all aspects of incident response. Usually a member of the IT or DevOps team, this person defines and organizes the incident action plan and leads the decision-making process when crises arise.
The incident commander (also called an incident manager) is the lead point of contact for team members during an emergency business situation. In these high-stress situations, they are in charge of delegating tasks to incident response teams.
Incident commanders must be skilled at seeing the big picture if they hope to break down complex incidents into manageable pieces. Without an incident commander, it’s easy for project defects, system errors, and miscommunication to occur. When you’re part of a large or multi-unit team, the incident command post is key to keeping your operations running smoothly.
What does an incident commander do?
While incidents don’t occur every day, incident commanders may take on a full-time role in bigger organizations because they have many responsibilities to keep them busy. As an incident commander, you'll spend most of your time preparing for incidents, learning from past incidents, and managing an incident once it occurs.
1. Prepare for incidents
Incident commanders must prepare for a range of events that can negatively affect the company. While you can’t predict everything that will happen, you can set up foolproof incident operations to handle a variety of scenarios as they occur in real time. This type of operational preparation includes:
Setting up communication channels
Creating a general incident action plan
Training team members on the incident action plan
Regularly reviewing incident safety measures
Tip: Project management can help your team establish an incident action plan. As an incident commander, you’ll share this plan with everyone in the company through your online management system.
2. Create an action plan
Once an incident occurs, you can put your leadership qualities into action by thinking quickly on your feet. Because every incident is unique, preparation only goes so far. You must first analyze the incident and determine how to address it. Use the incident operations plans you made earlier as a jumping off point, and modify the plans depending on the situation’s specific needs.
Deciding what to do during an incident includes:
Making a step-by-step action plan
Identifying which team members are needed
Prioritizing tasks based on safety and company needs
Communicating the plan to team members
Tip: The decision process during an incident can be high stress for any incident commander. You may receive recommendations from team members during this stage, but you must take overall responsibility for deciding what to do. You’ll excel in this role if you’re well-versed in gathering information and problem solving .
3. Delegate tasks
After you figure out how to handle a major incident, you’ll quickly need to delegate authority and tasks. It’s essential for team members to know their responsibilities so the incident action plan can function properly.
For larger incidents, set up an incident management team to make the response process easier. The team can help you with:
Debugging
Research
Information security
Process briefings
Tip: Being an incident commander isn’t a job you can do by yourself. You’ll need help from other teams to manage incidents effectively and stabilize the company for future operations. You can assign deputy incident commanders to help you delegate and oversee tasks.
4. Oversee and align teams
After you delegate tasks, transition yourself into a facilitator role as teams try to control the incident. Help team members as needed and ensure everyone understands what they’re supposed to do. Because everyone is working in a time-sensitive environment, you’ll also assist with any communication issues.
A communication plan can help your team understand who should be getting which notifications and when to loop in other teams or departments. As part of your communication plan, clarify which channel team members should use and when, how frequently different details should be communicated, and who is responsible for each of the different channels.
Tip: As an incident commander, you’ll be responsible for resource management during the execution phase of the incident action plan. If your team members need additional resources, it’s up to you to get those resources for them. You’ll establish a unified command and help manage the logistics of the operation.
5. Keep teams calm and focused
Some incidents can cause a lot of stress for team members within the company. For example, if the company experiences a temporary loss of data, you must keep everyone calm and focused.
Team morale can fluctuate depending on the incident. If team members must work remotely, it’s also critical to promote remote collaboration in addition to incident management.
Tip: Keep your team calm and focused in high-stress situations by mixing empathy and urgency. Give team members a moment to gather their thoughts and emotions before you push them into immediate action. Once they compose themselves, you can emphasize the importance of a quick response.
6. Escalate issues and review
When an incident is too complex for your team to handle alone, it’s up to you to escalate the issue to assisting agencies or departments. This may include seeking help from stakeholders or senior management. If escalation isn’t needed to handle the incident, then you can begin a detailed follow-up of the incident instead.
The final step of an incident response is the post mortem meeting . THis i a chance for you and your team to assess how well you handled the incident. Make sure to evaluate and review:
The speed of response
Overall task performance
The level of incident control
Your personal performance as incident commander
Your incident action plan’s efficiency
The risk for future related incidents
Tip: The goal of the post mortem is to learn from things that went well during incident response—as well as the things that went wrong. That way, the next time an incident occurs, you can manage your team members more efficiently and feel more confident about whatever comes your way.
5 areas of the incident command system (ICS)
The incident command system (ICS) is a standard organizational structure you can follow if you want to respond to incidents quickly and have the support you need to manage every aspect of an incident.
Like a company project, an incident requires planning, logistics, and a clear operational process to control. The difference with an incident is that the stakes are higher and the timeline is shorter.
Command: The incident commander sits at the top of the incident command structure. You may have other members help with management, such as a liaison officer or a public information officer. Team members in the command section set objectives and provide overall guidance on the incident.
Planning: The incident commander is involved in the planning section of the incident command system. Depending on the size and scope of the incident, you may invite others to help you create the incident action plan.
Logistics: The logistics section provides available resources and direction to support the incident action plan. When the operations team has questions about how to execute tasks within the action plan, they can discuss their questions with both the incident commander and members of the logistics team.
Operations: In the operations section, team members organize resources provided for them by the incident commander and the logistics team. They’ll receive direction on the incident action plan and use the resources to carry out the action plan.
Finance/administration: The incident action plan costs money to carry out and the finance and administration team will guide team members financially and track costs related to the incident. As the incident commander, you will work with the finance team to allocate funding for the incident action plan.
Other roles that may work with the incident commander in these sections of the ICS include:
Tech lead: Having a tech lead in a senior response position can be helpful for planning, logistics, and operations. This person helps the incident commander determine why the incident occurred. They can then help create the incident plan and work with the technical team to put the plan into action.
Communications manager: A communications manager is an essential role when controlling an incident because stakeholders and customers will need to know what’s going on. While the incident commander and technical team work quickly to fix the problem, the communications manager shares status updates so internal and external parties are kept updated on the incident.
Customer support lead: If the incident in question is customer-facing, a customer support lead is crucial for managing incoming communications from customers, whether that be tickets, phone calls, or social media posts. This person ensures customers are taken care of while the incident commander works to fix the problem.
As incident commander, you’ll be the point of contact for all departments when an incident occurs and through the entire incident action plan response process. It’s up to you to plan and execute the action plan and ensure it runs smoothly.
Improve incident response with project management software
Determination and organizational skills can help you manage a team efficiently. Incidents often come with heavy time constraints, but with the right tools, you’ll feel prepared to come up with solutions quickly.
Project management software can improve incident control by streamlining communication across your organization and implementing response processes that your team feels comfortable putting into action.