Incident vs Crisis

What’s the difference between an incident and a crisis?

Not every incident/event is a crisis, but it can have the potential to become a crisis if not handled appropriately.

For example, a stolen laptop that is quickly excluded from connecting to the network would be classified as an incident. 

If the laptop were to be used to connect to the network and steal personal customer data you could very quickly be in “crisis mode” and dealing with a very damaging event in public.

CEN / TS 17091 defines a crisis as an “unprecedented or extraordinary event or situation that threatens an organization and requires a strategic, adaptive, and timely response in order to preserve its viability and integrity”.

The standard includes a section on principles for crisis management which serve as a good guide for the management of any incident that has the potential to become a crisis. 

They are:

  1. a) seek understanding of the situation.
  2. b) achieve control as soon as possible.
  3. c) communicate effectively, both internally and externally.
  4. d) be prepared with clear, universally understood structures, roles, and responsibilities.
  5. e) build situational awareness through good information management and coordinated working.
  6. f) have a clear and well-rehearsed decision-making and action-driving process in line with the core values and objectives of the organization.
  7. g) implement effective leadership at all levels of the organization.
  8. h) ensure people with specific crisis management roles are competent through appropriate training, exercising, and evaluation of their knowledge, skills, and experience.

 

Incident Management starts well before an incident occurs. You need to consider what types of incidents are likely to occur and develop “trigger criteria” which if met will mean specific plans to address that type of incident are invoked.

 

Summary

Hopefully you now have a better understanding of the key differences between an incident and a crisis, and the potential impacts of both on your business.

To find out more about incident management and how best to prepare yourselves in the event of crises, request a copy of our free White paper on Risk Management and Operational Resilience.

Recent News

The Golden Thread – Governance, Risk & Compliance

A joined-up approach to governance, risk and compliance (GRC) is something all GRC practitioners aspire to – but, ...
Read More

Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may ...
Read More

Over 100 Credit Unions Now Using CalQRisk

CalQRisk now has over 100 credit unions actively using their Governance, Risk Management and Compliance solution across the ...
Read More
risk management words

Governance, Risk and Compliance – An Integrated Process

Three-letter acronyms. Love them or hate them, we can appreciate that they are convenient shortcuts. Many of us ...
Read More

Paralympics Ireland choose CalQRisk to streamline their Governance, Risk & Compliance efforts 

Paralympics Ireland has recently implemented the CalQRisk solution to streamline their Governance, Risk Management and Compliance efforts.  Paralympics ...
Read More

Changes to ISO 27001

ISO 27001 is an international standard that outlines the requirements for an information security management system (ISMS). It ...
Read More

DORA – What you need to know

The purpose of the EU’s new Digital Operational Resilience Act (DORA) is to ensure the safety and security ...
Read More

ILCU and CalQRisk form Alliance

The Irish League of Credit Unions (ILCU) has collaborated with CalQRisk to offer a best-in-class governance, risk management ...
Read More
Database

Top Cyber Risks in 2023

In 2023, there are several cyber risks of which organisations and individuals should be aware. These risks can ...
Read More
office meeting at sunrise

10 Things to Ask When Outsourcing / Choosing a Supplier

Many organisations choose to outsource critical functions or services to third parties/contractors. However, outsourcing the work does not ...
Read More