Last updated on: 17 April 2023
An incident is an interruption to IT services or business operations. Several incidents take place in an IT environment, affecting different levels, from individual users to vital business functions. It could be a service outage affecting a broad range of users or something as trivial as a faulty keyboard.
For major incidents, the domino effect of outages can have a major impact on the business and the stakeholders involved. Even tech giants are not immune, as their subsidiaries and associated services are affected. The root cause of an issue could be a simple update on the back end that causes the business to come to a halt, affecting millions of users accessing the platforms. According to TechChannel, a single minute of downtime can cost anywhere from $1 million to over $5 million.
Incident management is an IT service management process in which issues are identified, analyzed, and resolved by restoring services swiftly with minimal business impact. This process is essential in day-to-day business operations to get back to business as usual.
What is an incident commander?
The role of an incident commander is to keep the incident resolution process moving forward to resolution.
An incident commander is the person in charge of incident response, responding to incidents and remediating them. Without preparation and organization, your IT team would be lost in the dark. This is where the incident commander steps in as the first point of contact for any type of incident. An incident commander is also known as an incident manager or IT incident commander.
The incident commander views the entire incident from an analytical standpoint, keenly investigating, identifying the symptoms, and coordinating the incident response. They set out an incident action plan, delegating tasks and liaising with the stakeholders involved. The main goal is to keep moving towards a resolution. The incident commander does this by deciding the next steps to carry out in the incident management process.
Why do you
need an incident command team?
The larger your organization grows, the more you need to streamline your incident management. The evolution of your business models, culture, and policies involves a lot of people, including stakeholders, incident commanders, management, and customers. With this comes increased complexity in getting to the root cause of incidents for deeper analysis when something breaks. Your IT services team will need someone who is in command of incident response and coordinates making decisions and gathering context by talking to subject matter experts.
In fast-paced work environments, incidents can easily occur without any warning. Organizations might need more than just one incident commander to manage the workload and avoid exhaustion. The incident command team's responsibilities include coordinating and making rapid decisions in urgent, demanding situations. They come up with a custom framework to overcome the challenges of each incident. For instance, when there is a network issue, the incident commander and incident coordinators triage the incident based on its impact and delegate it to the right department to troubleshoot and resolve it.
You need effective leadership to focus on the incidents that impact your revenue and customers. The incident commander should have assertive communication skills to deal with challenging situations calmly and direct the incident command response team to a resolution. They bring a sense of order and know how and when to leverage the right people, processes, and technology to ensure everything is under control.
Incident commander responsibilities
The incident commander designated for a particular incident is the one who identified it in the first place. What is the incident commander responsible for? The incident commander's responsibilities revolve around resolving incidents effectively with their knowledge and experience. As the organization grows, the incident commander cannot be expected to control every aspect of an incident. In this case, a command structure is essential to reach a resolution without getting stagnated. Listed below are the incident commander's responsibilities:
Establishing good communication lines
The incident commander should maintain effective communication lines by being available 24/7. For example, sometimes information is needed from the incident commander who is on the ground investigating. The incident commander could be available through a radio while attending to something else.
Keeping the team calm
It is only natural for the stakeholders and incident command team members involved to panic during incidents. This is exactly where an incident commander comes in, keeping the incident command response team composed and focused on the issue at hand. Empathy is often an overlooked skill. The ability to listen to those involved in the incident helps them arrive at better decisions.
An incident commander is expected to make quick decisions about the next step in a process. They use a comprehensive approach to determine the cause of an incident. The real challenge is to see the incident as a whole and also simultaneously understand the individual parts.
Managing resources is a priority for arriving at a resolution. If additional resources are required to speed up the resolution process, then an incident commander escalates it to more senior technicians specialized in that particular domain. They should have the mental resilience to deal with incidents that might last for several hours or weeks and keep up the team members' spirits.
Delegating tasks to technicians
An incident commander quickly analyzes incidents and delegates tasks to the technicians with the right expertise. An IT incident commander is a master who knows the strengths and weaknesses of every member of their incident command response team. They also know exactly when to add more incident command team members, thereby mitigating mental burnout and negative team dynamics.
When an incident occurs, it is quite possible to have multiple teams involved in the resolution process. An incident commander is supposed to ensure there is no overlap of duties carried out by the incident command team members. They encourage productive debates involving varying perspectives to increase the chances of arriving at a resolution.
Ensuring incident preparation
An incident commander garners information about an incident and the number of users impacted, then establishes immediate priorities with an action plan. With their years of experience, they should always have a backup plan in mind.
Predicting the next move
An incident commander always thinks a step ahead. What worked the previous time when the same incident occurred? What would be the next best step? They should make decisions swiftly and be ready for action, even without much data. Their years of experience help them visualize various scenarios and arrive at the next step.
After the resolution process, an incident commander conducts the postmortem meeting and handles the documentation. This is the part where the incident command response teams can share their opinions and offer suggestions on how to prevent or lessen the impact of similar incidents that occur in the future.
Characteristics of an efficient incident commander
An incident commander is an experienced person who has been actively involved in or at least observed major incidents in the past. An incident commander has to show stakeholders that they are solving incidents in the best way possible. Listed below are the qualities to look for in an incident commander:
Diplomatic: Builds a good rapport with stakeholders
The incident commander has probably been in the organization for decades and hence has established contacts with people in a wide range of senior leadership roles. Now, why is this important? Because when an incident occurs, the incident commander will be reporting the details and the action plan to these stakeholders. Knowing them individually beforehand will build trust and give the IT incident commander an edge.
Adaptable: Soft skills
There is a common misconception that an incident commander is supposed to be technically sound. You need not necessarily be an engineer to become an incident commander. In practice, soft skills play a larger role than technical ones. Did you know even people in the most junior roles can lead major incidents when they are properly trained?
Clearheaded: Brings order to a tumultuous situation
Incident commanders know the process well. They have good clarity with the roles and communication rules. They show no hesitation in delegating tasks to anyone. After delegation, they have regular follow-ups to keep stakeholders informed.
Accountable: Responsible for incident response
The major incident command team members are available to be contacted at any time, even past midnight. The incident commander is accountable and takes full responsibility for navigating the incident command response team through the entire incident resolution process. Usually, when incidents occur, a lot of information is sent out at a rate that makes it difficult to analyze and understand. Thus, it really makes a difference when the incident commander uses their sense of rationality to assess the situation and minimize resource waste.
What is the role of the incident command system (ICS)?
The ICS is a standardized framework applied to emergency response situations. The ICS incident response consists of a procedure to handle incidents of any size. This structure allows you to develop your plan of action for predictable incidents way ahead of time.
The five major functions of the ICS incident response are listed below:
Planning & intelligence
Finance & administration
Best practices checklist for an incident commander
Incident commanders are critical and they work in a high-pressure environment. Considering the high stress they endure, we have put together a checklist to guide the incident command response teams seamlessly through incidents:
Stay updated on the industry
Incident commanders should regularly update themselves on the happenings in the industry, such as the major incidents and responses. This will ensure they are able to guide the incident command team members and coordinate well by following the updated best practices.
Know the organization well
The IT incident commander is supposed to know the incident command team's responsibilities, functions, and dependencies to understand how they work as a whole. It would be ideal to keep all the documentation easily accessible. They should also have a thorough understanding of the organization's incident life cycle.
Plan before incidents occur
It is crucial to have a strategic plan for incidents even before they happen. The more organized and documented your process is, the easier it will be for the incident commander and the incident command team members involved to follow it when the most intense, high-stress incidents occur.
Focus on the task at hand
Incident commanders are experts at focusing on the right information. They leave the troubleshooting to the incident command team members and instead concentrate on handling the process. They know the focus should be on asking the right questions rather than just finding answers. Do you need to loop in another team? Does the new hire understand the incident enough to help? Or do we already have an industry expert to offer advice and look into this? When the right questions are asked, the solutions will start flowing in.
Post-incident analysis is a great way to identify the gaps in the incident command response team's knowledge and work. After resolution, the incident manager must run a postmortem to identify how the team can improve their incident management process in the long run.
The relevancy of an incident commander in a hybrid work environment
As the entire world moves to the hybrid work model, the incident command response team is figuring out ways to handle the increased complexities that come with it. Incident commanders must be more proactive now than ever before and identify bottlenecks and prevent incidents earlier. Having an incident management tool with no-code automation features makes all the difference by reducing response times.
Having an incident commander to make timely decisions and modify plans on the go is necessary. The incident commander is accountable for incident response and assigns tasks internally or externally at their own discretion based on what the situation dictates. Without an incident commander to guide your incident command response team through every step, arriving at a resolution can become chaotic and exhausting.
An incident commander is required to:
- Control the incident.
- Identify and manage risks.
- Evaluate the available resources.
- Develop an incident plan.
Incident management for the whole enterprise
To summarize, an IT incident commander trains the incident command response team to handle incidents effectively. They do not look into any data or perform any actions at all. Rather, they delegate these tasks. They have the enhanced ability to see the bigger picture and learn from past incidents. Every incident commander can benefit from a strong incident management solution. Organizations around the world use ServiceDesk Plus to streamline their IT with efficient ITSM best practices.
An incident commander is the person with the decision-making authority: the first person to arrive who should rapidly assess the incident and guide the incident response team to resolve the issue at hand.
The first and foremost responsibility of an incident commander is to analyze the incident and quickly decide the resources required to arrive at a swift resolution. They request additional resources whenever required to avoid escalations.
An incident commander should be comfortable with delegation and coordination, especially when dealing with customer-facing incidents. Also, they should be good at listening to the subject matter experts and adapting the existing plan to formulate well-informed decisions quickly.
About the author
Vidhya has authored several UEM best practice blogs and technical articles, driven SEO campaigns, and hosted webinars for the patch management side of ManageEngine’s UEM platform. Coupled with her diversified experience of creative writing and marketing in Australia for two years, Vidhya is now back in IT management as a marketing analyst. Currently, she provides content for ITSM-related topics and delivers customer education programs for ServiceDesk Plus customers. In her free time, you can catch her reading mystery-thriller novels and binge-watching TV sitcoms.