1. Blog
  2. Communication

Incident Response Plan: How to Prepare for the Unexpected

Brian C. McIlravey

December 30, 2020 · 5 min read

When we first heard of COVID-19, nobody expected how pervasive it would be, how much it would change our lives, how much it would transform the way we work, and how rapid that change would be. But here we are, almost a year later and still trying to adjust to this new normal, which now may be less new, and just normal. We have always believed that communication is the most critical piece of an organization, and that is even more apparent in a crisis or time of significant change.

What is an incident response plan?

This pandemic has tested many businesses’ incident response plans this year and has shone a light on what works well and what needs to be improved. But what has become abundantly clear, is that an effective incident response plan must include a solid incident communications strategy, which can make all the difference when a crisis hits.

The challenge is making sure you cover all the bases of what an “incident” can be. Catastrophic events like floods, fires, earthquakes, and most recently, a pandemic, are some obvious examples of incidents that would kickstart an incident response plan into action.

But any incident that causes downtime and affects customers would fall into this category as well. Even seemingly minor power outages, software glitches, network disruptions or corporate network hijacking can have a major impact on business.

Handled poorly and without planning, they can cost a tremendous amount of money and loyalty. Handled well, they can actually improve the way customers feel about your brand, boosting both trust and retention.

To make sure that the negative impact of an incident on your business is minimized, especially during a time when most employees are working remotely, it is of the utmost importance to keep everyone connected. This can be done in a digital workplace through both timely incident communications and reliable tools.

Get started with an incident response plan template

So, how do you plan for uncertain risk? You map out all the key things you’ll need to do, and using an incident response plan template is a great place to start. A comprehensive template will help you cover all the bases, so you know exactly what steps to follow when an issue, big or small, inevitably occurs.

To get started, take a look at the incident response template below. It’s based on the one that we use here at Igloo, but I think you’ll find it helpful as you build out a plan that’s tailored to your own unique requirements.

Download the Incident Response Plan Template

Although your plan needs to cover a range of issues, it’s important to stay focused so it doesn’t become unwieldy. Keep it easy to understand and easy to follow for everyone so that there’s no confusion during a time when actions need to be quick and decisive. You’ll want to track not only who has read it, but also test them to make sure they understand their role in the plan.

With respect to people’s roles make sure you involve the right people in the planning. This should include executives, your business continuity group, and your corporate security group, who all have significant roles in ensuring incidents are handled properly. While it may be difficult getting these different groups to collaborate and come together to create the plan, it is crucial not only for this but to the business as a whole.

Incident response plan steps and information

In addition to downloading the template and modifying it to suit your requirements, one helpful way to ensure you’re not missing important information is to approach it as a journalist would. Think “Who, What, Where, When, Why, How, and How Much”:


Who can trigger an incident report? Who must be notified, both internally and externally? (For example: depending on the severity, do you need to alert all customers? All employees? The media?) Who’s responsible for what action in the resolution process? Who’s leading the charge?


What defines an incident? What defines a particular incident’s severity, and where would it fall on a scale to rate each issue? What if there is a disagreement over the severity? What’s the workflow you will use for resolution? What are the steps that must be followed?


Where do you find the tools and assets you may need in the resolution process? Is it up to date and easily accessible, or is it in a binder that no one can find?


When do you put the plan into effect, in terms of how quickly you must react for each type of incident and severity level? When is this kind of issue likely to occur again?


Why did this happen, and what can be done to prevent it from happening again? Proper post-incident tracking and investigation management is essential in this process.


How do you resolve each type of incident? How do you determine when the incident is over? How do you communicate (internally and externally) at each step in the plan?

How Much?

Also known as ‘impact’ and one of the most important parts of the severity rating, what are both the financial and human repercuissions for any incident or risk?

Principles for an incident response plan communications

Of course, there’s always a risk of something unanticipated occurring during an incident, so it’s important to try to build that into the plan as well.

One way to address the risk of the unknown is to map out your corporate values. This will help steer your employees in the right direction, and stay on track if they have to address something that you didn’t (or couldn’t) see coming. At Igloo, we apply the following guiding principles when it comes to incident communication:

React quickly.

Customers, employees, and other stakeholders shouldn’t be left waiting and wondering what happened or what to do when there’s something going on.

Communicate frequently.

Define exactly how often we need to be in touch with groups according to an incident’s priority level — and we stick to it.

Be clear.

It shouldn’t be up to customers, or even employees, to interpret or figure out what is happening. Avoid jargon, abbreviations, acronyms, and get straight to the point.

Be consistent.

If we’re going to be using a number of channels, we’re careful to tell the same story and information regardless of the format, so there’s no room for confusion.

Be honest and transparent.

Nothing good comes from leaving information out. The impact of deception is greater than that of owning a mistake or taking responsibility.

Incidents that impact your employees or your ability to effectively serve your customers could make or break your business. That’s why there’s no better time than right now to get your incident response plan locked down. And while you’re at it, take a look at how your business tools will hold up during an incident. Are they strong enough to support business continuity? If your entire operating model changed in one week like it may have with COVID 19 and the shift to a remote workplace, do you have the right tools to ensure everyone is getting the right message, at the right time? If the answer is no, we have an article that goes into more depth about maintaining this continuity.

Get the right tools in place, ahead of time

Plans are only as good as the tools that support them. Put your tools to the test as you run through your incident response plan. If there are some hiccups due to technology, now is the time to address them.

Igloo provides digital tools you can rely on for crisis communications and business continuity. Our user-friendly intranet platform is the foundation for many of our customers’ business continuity plans. For our customers in the healthcare industry, keeping their staff updated with the latest COVID-19 information has been critical in the battle against the virus.

Many of our customers have identified their digital workplace as a critical tool to ensuring that their corporate communications during emergencies are timely, accurate, and easy to find.

Read the blog article

Timely communications are everything during a crisis, but there are other ways that a stellar intranet can help you manage an incident effectively as well. Learn about Incident Zones to ensure clear communications in a crisis.