Premium Essay

Critical Incident Management Policy

Submitted By
Words 1669
Pages 7
Critical Incident Management Policy

Management Policy

1.0 POLICY PURPOSE
The purpose of the Critical Incident Management Policy is to effectively identify, respond, manage, and communicate Priority 1 (P1) Incidents, caused by errors in the infrastructure, reducing the overall impact to the business and customers. This document outlines the need and focus of identifying, communicating, and resolving these serious issues within the Enterprise Technology and Operations (ETO) environment.
2.0 POLICY SCOPE
This Policy focuses primarily on Tier 1 (critical) applications and services, as defined by the Bank Impact Analysis report and maintained within the Fusion database. Those primarily involved in the Critical Incident Management Policy include: …show more content…
4.0 POLICY REQUIREMENTS
4.1 Incident Reporting and Recording
4.1.1 All Incidents will be immediately reported to the ETO Service Desk.
4.1.2 All incidents that allocate ETO resources for resolution must have an incident record opened.
4.1.2.1 BMC Remedy is the incident management system used by ETO at Zions Bancorporation to record, monitor, and report incidents affecting the technology environment and Bank Critical Systems.
4.1.2.2 The Incident records within BMC Remedy are the document of record for capturing the incident description, from beginning through resolution and closure.
4.1.2.3 Incident owners and assigned support groups will record and capture incident description, application impact, and resolution detail in the Remedy Incident record.
4.2 Incident Stratification
4.2.1 All incidents will be classified and categorized to determine the proper incident priority and response
4.2.1.1 Critical Incidents are prioritized following the ETO Incident Priority Ranking Matrix based on the specific business and customer urgency and impact.
4.3 Incident …show more content…
4.3.1.1 The broadcast will contain a condensed incident summay and stratification detail as defined in the ITSM Critical Incident Process.
4.3.1.2 Affiliate, Operational, or other Corporate P1 P1 communication, response, and policies are independent of this Policy and triggered as appropriate by this broadcast. (See Critical Incident Communication Map).
4.4 Incident Ownership
4.4.1 Incident ownership will be aligned with the root cause of the incident.
4.4.1.1 Vendor incidents will be assigned to the support resources that manage the vendor relationship.
4.4.1.2 Incident Ownership can evolve based on investigation during the incident resolution as well as during the ITSM Post Incident Review Process.

5.0 POLICY APPROVAL
5.1 This policy must be reviewed and approved at least semi-annually.
5.2 The Risk Management Governance department must review this policy prior to submission for policy approval to validate governance elements are correctly included.
5.3 This policy must be submitted for approval accompanied

Similar Documents

Premium Essay

Preparedness and Mitigation Plan Analysis

...the security department. Having mitigation plan can be very important because of the amount of students that are on the campus they need to feel safe in their environment. In the critical incident management plan that the campus defines the authority, defines the terminology used in plan and in critical incidents, it also defines procedures for the delivery of timely response to incidents, and also defines the roles and responsibilities given to everyone. A brief over view of the critical incident plan involves critical incident reporting which should ideally be reported as soon as possible to a supervisor. The critical Incident action plan for the British Columbia Institute of Technology assumes immediate response, this includes police and fire. Then the plan has employee development along with the communication part of the plan, this is where pre incident communication will involve educating the staff and students. The next step of the incident plan involves Incident response evaluation then the ongoing work leads to training, where they train the staff to be ready for a proper incident response. One main exclusion they have left out of the critical incident plan would be the role of the parents in case of an emergency situation. After reading through this critical incident plan it seems like it is more focused towards if any students were to get...

Words: 725 - Pages: 3

Premium Essay

Security Policies and Implementation Week Four Lab

...------------------------------------------------- Sara ------------------------------------------------- 10/11/2014 ------------------------------------------------- Week 4 Laboratory: Part 1 Part 1: Identify Necessary Policies for Business Continuity - BIA & Recovery Time Objectives Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify the major elements of a Business Continuity Plan (BCP) * Align the major elements of a Business Continuity Plan with required policy definitions * Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization * Review the results of defined Recovery Time Objectives (RTOs) for mission-critical business functions and applications * Create a BCP policy defining an organization’s prioritized business functions from the BIA with assigned RTOs Week 4 Lab Part 1: Assessment Worksheet (PART A) Sample Business Impact Analysis for an IT Infrastructure Overview When conducting a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The prioritization of the identified mission-critical business functions will define what IT systems, applications, and resources are impacted. The RTO will drive what type of business continuity and recovery steps are needed to maintain IT operations within the specified time frames...

Words: 1852 - Pages: 8

Premium Essay

Risk

...T e c h n i c a l n o T e s a n d M a n u a l s Operational Risk Management and Business Continuity Planning for Modern State Treasuries Ian Storkey Fiscal Affairs Department I N T e r N A T I o N A l M o N e T A r y F U N D INTerNATIoNAl MoNeTAry FUND Fiscal Affairs Department Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey Authorized for distribution by Sanjeev Gupta November 2011 DISCLAIMER: This Technical Guidance Note should not be reported as representing the views of the IMF. The views expressed in this Note are those of the authors and do not necessarily represent those of the IMF or IMF policy. JEL Classification Numbers: Keywords: H12, H60, H63, H83 business continuity, disaster recovery, business continuity and disaster recovery plan, operational risk, operational risk management, treasury operations ian@storkeyandco.com Author’s E-Mail Address: TECHNICAL NoTEs ANd MANUALs Operational Risk Management and Business Continuity Planning for Modern State Treasuries Prepared by Ian Storkey This technical note and manual (TNM)1 addresses the following main issues: • What is operational risk management and how this should be applied to treasury operations. • What is business continuity and disaster recovery planning and why it is important for treasury operations. • How to develop and implement a business continuity and disaster recovery plan using a six practical-step...

Words: 10882 - Pages: 44

Premium Essay

Cyber Security Act

...Technology Government of India Electronics Niketan, Lodhi Road New Delhi – 110003 Discussion draft on National Cyber Security Policy “For secure computing environment and adequate trust & confidence in electronic transactions ” Your comments/feedback on this document are most welcome. Please send your valuable comments/feedback by 15 May 2011 to Dr Gulshan Rai, Director General, CERT-In, at the at the above address or on email id ‘grai@mit.gov.in’ Discussion draft Department Of Information Technology National Cyber Security Policy “For secure computing environment and adequate trust & confidence in electronic transactions ” Contents 1.0 Security of Cyber Space – Strategic perspective 1.1 IT as an engine for economic growth and prosperity 1.2 Security of cyber space - Need for action 1.3 Target audience 1.4 Securing cyber space – Key policy considerations 2.0 Cyber space – Nature of threat 2.1 Threat landscape 2.2 International cooperation 2.3 Securing cyber space – Scope of action 2.3.1 Cyber security and cyber defense 2.3.2 Cyber intelligence and cyber defense 2.4 Priorities for action 2.5 Partnership and collaborative efforts 3.0 Enabling processes 3.1 Security threat and vulnerability management 3.2 Security threat early warning and response 3.3 Security best practices - compliance and assurance 3.4 Security crisis management plan for countering cyber attacks and cyber terrorism 3.5 Security legal framework and law enforcement 3.6 Security information sharing...

Words: 7888 - Pages: 32

Premium Essay

Critical Incident Report

...Marketing Critical Incident Report Bachelor of Commerce (Marketing & Management) Author: Goh Bing Chong Basil (5269131) * Executive Summary This critical report took place at Mischief’s restaurant during September 2015, during the interview it was revealed that an unfortunate case of the dissatisfying experience was involved. Both management and staffs level of customer service provided was a disappointment to customers. After the analysis of the critical incident report, a customers and provider gap is discovered. The analysis demonstrates the lack of reliability & empathy, which directed to customer gap. The lack of knowledge gap about management using the wrong digital platform for reservation needs which led to failing to reserve a seat for a customer. Additionally, a policy and delivery gap was discovered, because there was an absence of employee protocol and absence of a proper training program. The report concludes by suggesting three recommendations for closing the provider gaps. Which is using the right digital platform for reservation booking, a structure work protocol when unexpected crisis arises and finally proper training program for employees. This report offers a valuable resource for Mischief to improve their service quality in the future. Table of Contents Executive Summary 2 1. Critical Incident Description 4 1.1 Circumstances leading up to the incident 4 1.2 What Occurred During the Incident 4 1.3 What Made the Incident Dissatisfying...

Words: 3059 - Pages: 13

Premium Essay

Provincial Incident Management System

... | Table of Content Chapter Page 1. WHAT IS THE PROVINCIAL INCIDENT MANAGEMENT SYSTEM? 4 2. INTRODUCTION 5 3. CONCEPTS AND PRINCIPLES 5 4. OVERVIEW OF PIMS COMPONENTS 6 4.1. PREPAREDNESS 6 4.2. COMMUNICATIONS & INFORMATION MANAGEMENT 6 4.3 RESOURCE MANAGEMENT 6 4.4 COMMAND & MANAGEMENT 7 4.5 ONGOING MANAGEMENT & MAINTENANCE 7 5. COMPONENT 1: PREPAREDNESS 8 1) UNIFIED APPROACH 8 2) LEVELS OF CAPABILITY 9 6. COMPONENT 2: COMMUNICATION AND INFORMATION MANAGEMENT 16 7. COMPONENT 3: RESOURCE MANAGEMENT 23 a) CONCEPTS AND PRINCIPLES 23 1) Concepts 23 2) Principles 23 a) Planning 24 b) Use of Agreements 24 c) Categorizing Resources 24 d) Resource Identification and Ordering 24 e) Effective Management of Resources 24 8. COMPONENT 4: COMMAND & MANAGEMENT 25 a) INCIDENT MANAGEMENT SYSTEM 25 b) MANAGEMENT CHARACTERISTICS 26 9. PIMS AND ITS RELATIONSHIP TO THE PROVINCIAL DM FRAMEWORK 28 |Distribution | At this stage limited to GPG OPS Workgroup members |WHAT IS THE PROVINCIAL INCIDENT MANAGEMENT SYSTEM? | The Provincial Incident Management System (PIMS) provides a systematic, proactive approach to guide departments and agencies...

Words: 13459 - Pages: 54

Premium Essay

Frozen Rock-Solid

...messages to inform others that certain freezable chemicals like upholstry cleaners must be shipped in heated trucks during the winter. A few months after he retired, the parts distribution centre in Woodstock, Ontario, began to receive calls from angry customers across Canada who were upset because the chemicals they were receiving were frozen rock-solid. The reason: nobody in the company knew enough about the retiree’s job to make sure that the chemicals were properly transported during the winter. A minor oversight? Not quite. It cost the company $1.5 million. Other incidents at GM have also been reported. For example, 400 perfectly good carburetors were accidently destroyed at a cost of $300,000 because the worker who kept them off the scrap list retired. It has also been reported that a $250,000 car prototype was crushd into scrap metal because the employee who was responsible for it was transferred. Incidents like these are known to occur at other companies. (Source: Livesey, B (1997, November). Glitch doctor. Report on Business Magazine, pp.96-102. Reprinted with permission of Bruce Livesey. Questions 1. Why do you think this is an important story to tell company executives and managers? What is the main point of the story? This important story highlights the need for a comprehensive training and development...

Words: 876 - Pages: 4

Premium Essay

Is305 Project

...Risk Management Plan Project Name: IS305 Project Manager: Paul Bettinger Date: October 1, 2013 RISK management PLAN INTRODUCTION 2 PURPOSE AND SCOPE 2 RISK MANAGEMENT PLANNING 3 RISK MANAGEMENT ASSIGNMENTS 6 RISK MANAGEMENT TIMELINE 7 MITIGATION PLAN Introduction 8 Cosiderations 8 Prioritizing 9 Cost benefit analysis 10 Implementation 11 Follow-up 11 Buisness impact analysis Introduction 12 Scope 12 PURPOSE AND objectives 13 Steps of bia 13 final review 15 BUSINESS CONTINUITY PLAN Introduction 16 oBJECTIVES 16 BCP PLANNING 17 PLAN UPDATES AND TRAINING 21 computer incident response team Introduction 22 Purpose 22 elements of the plan 23 incident handling process 23 cirt members 23 detection 24 containment 24 recovery and review 24 cirt policies 25 FINAL THOUGHT RISK MANAGEMENT PLAN INTRODUCTION A risk management plan is a process for identifying, assessing, and prioritizing risks that could cause the company a loss. Identifying these risks, threats and vulnerabilities and taking action to prevent or control them now and in the future. Creating a risk management consists of measuring and prioritizing risks involved and taking actions to reduce any loss the company may encounter. Being that indirectly we work with the Department of Defense, which as you knows is a department of the United States Government dealing with national security, a well-developed risk management plan is of the upmost importance. Without updating...

Words: 5009 - Pages: 21

Premium Essay

Term

...STRATEGY .............................................................................................5 SECURITY COMPONENTS ...................................................................................................................................12 RISK MANAGEMENT ................................................................................................................................................12 POLICY MANAGEMENT ............................................................................................................................................14 ORGANIZING INFORMATION SECURITY ....................................................................................................................16 ASSET PROTECTION .................................................................................................................................................18 HUMAN RESOURCES SECURITY ...............................................................................................................................20 PHYSICAL AND ENVIRONMENTAL SECURITY ...........................................................................................................22 COMMUNICATIONS AND OPERATIONS MANAGEMENT .............................................................................................24 ACCESS CONTROL .....................................................................................................................................................

Words: 14063 - Pages: 57

Free Essay

Incident Response Plan Example

...Incident Response Plan Example This document discusses the steps taken during an incident response plan. To create the plan, the steps in the following example should be replaced with contact information and specific courses of action for your organization. 1)The person who discovers the incident will call the grounds dispatch office. List possible sources of those who may discover the incident. The known sources should be provided with a contact procedure and contact list. Sources requiring contact information may be: a)Helpdesk b)Intrusion detection monitoring personnel c)A system administrator d)A firewall administrator e)A business partner f)A manager g)The security department or a security person. h)An outside source. List all sources and check off whether they have contact information and procedures. Usually each source would contact one 24/7 reachable entity such as a grounds security office. Those in the IT department may have different contact procedures than those outside the IT department. 2)If the person discovering the incident is a member of the IT department or affected department, they will proceed to step 5. 3)If the person discovering the incident is not a member of the IT department or affected department, they will call the 24/7 reachable grounds security department at xxx-xxx. 4)The grounds security office will refer to the IT emergency contact list or effected department contact list and call the designated numbers in order on the...

Words: 1230 - Pages: 5

Premium Essay

Contingency Planning Policy Statement Paper

...Contingency Planning Policy Statement iPremier has chosen to adopt the Contingency Planning principles established in NIST SP 800-34 “Contingency Planning Guide for Information Technology (IT) Systems,” as the official policy for the risk management, incident response for DDoS attacks. The following subsections outline the Contingency Planning standards that constitute iPremier’s policy. Each iPremier Business System, including third-party service providers, is then bound to this policy, and must develop or adhere to a program plan which demonstrates compliance with the policy related the standards documented. Business Impact Analysis Preliminary System Information Organization: iPremier Date BIA Completed: System Name: Customer’s Web...

Words: 1444 - Pages: 6

Premium Essay

Is4550 Lab8

...unit 8 Lab1 Craft a security or computer incident Response policy – CIRT Response team 3. Why is it a good idea to include human resource on the incident Response Management Team? Most organizations realize that there is no one solution or panacea for securing systems and data instead a multi-layered security strategy is required. 4. Why is it a good idea to include legal or general counsel in on the Incident Response Team? An incident response must be decisive and executed quickly. Because there is little room for error, it is critical that practice emergencies are staged and response times measured. 5. How does an incident response plan and team help reduce the risk to the organization? While preventing such attacks would be the ideal course of action for organizations, not all computer security incidents can be prevented. 6. If you are reacting to a malicious software attack such as a virus its spreading, during which step in the incident response process are you attempting to minimize its spreading? In most areas of life, prevention is better than cure, and security is no exception. Wherever possible, you will want to prevent security incidents from happening in the first place. However, it is impossible to prevent all security incidents. When a security incident does happen, you will need to ensure that its impact is minimized. To minimize the number and impact of security incidents. 7. If you cannot cease the spreading, what should you do to protect...

Words: 507 - Pages: 3

Free Essay

Fema Training

...comprehensive, nationwide, systematic approach to incident management, including the Incident Command System, Multiagency Coordination Systems, and Public Information * A set of preparedness concepts and principles for all hazards * Essential principles for a common operating picture and interoperability of communications and information management * Standardized resource management procedures that enable coordination among different jurisdictions or organizations * Scalable so it may be used for all incidents (from day-to-day to large-scale) * A dynamic system that promotes ongoing management and maintenance | * A response plan * Only used during large-scale incidents * A communications plan * Only applicable to certain emergency management/incident response personnel * Only the Incident Command System or an organization chart * A static system | Correct. Review the feedback below. When you are ready to proceed, click on the Next button. Review the correct answers below: CONSISTENT WITH NIMS: A jurisdiction is inventorying and categorizing resources (e.g, personnel, equipment, supplies, and facilities) to establish and verify levels of capability prior to an incident. Explanation: Inventorying and categorizing of resources is a critical element of preparedness because it: * Establishes and verifies the levels of capability needed based on risk and hazard assessments prior to an incident. * Identifies and verifies that emergency response...

Words: 6379 - Pages: 26

Free Essay

Critical Incidient

...Critical Incident Joseph J. Sabia Jr. Dr. Alice McDonnell Managerial Decision Making in HAS-537 There are always going to be unforeseen happenings that occur whether it is in your personal or professional life and one must always be prepared to handle these issues head on. Health care administrators are always faced with obstacles that they need to overcome within the facility they work in. I chose to interview Michael Semian, from the Gino Merli Center in Scranton, Pennsylvania. Michael is the Commandant and Head Administrator. Background The Gino Merli center is dedicated to providing their patients with compassionate and high quality care to Veterans of Pennsylvania. The home is a State run VA nursing home open to all honorably discharged Veterans and their spouses. All applicants must be a bona fide resident of the Commonwealth of Pennsylvania. The can move from out of state to be eligible as well. The Gino Merli Center is the first VA nursing home in NEPA. It’s located on the same site where the old State Hospital once was. Typically the Commandant of a VA nursing home is a prior Military but it’s not a requirement. Michael is the first Non-Veteran to serve as Commandant but this hasn’t hindered him in anyway and he has the respect and admiration of all residents and staff. The Center provides 196 beds, including 156 for full nursing care and 40 for dementia. The major difference in the types of residency is the level of care: the Personal Care Unit provides...

Words: 3873 - Pages: 16

Premium Essay

Network Security Policy

...2008 p. 7-21 Network Security: Policies and Guidelines for Effective Network Management Jonathan Gana KOLO, Umar Suleiman DAUDA Department of Electrical and Computer Engineering, Federal University of Technology, Minna, Nigeria. jgkolo@gmail.com, usdauda@gmail.com Abstract Network security and management in Information and Communication Technology (ICT) is the ability to maintain the integrity of a system or network, its data and its immediate environment. The various innovations and uses to which networks are being put are growing by the day and hence are becoming complex and invariably more difficult to manage by the day. Computers are found in every business such as banking, insurance, hospital, education, manufacturing, etc. The widespread use of these systems implies crime and insecurity on a global scale. In addition, the tremendous benefits brought about by Internet have also widened the scope of crime and insecurity at an alarming rate. Also, ICT has fast become a primary differentiator for institution/organization leaders as it offers effective and convenient means of interaction with each other across the globe. This upsurge in the population of organizations depending on ICT for business transaction has brought with it a growing number of security threats and attacks on poorly managed and secured networks primarily to steal personal data, particularly financial information and password. This paper therefore proposes some policies and guidelines that should be...

Words: 3892 - Pages: 16