Critical incident management is a risk management process that is linked directly to security risk assessment and the security plans and planning discussed in the previous chapters. It is an integral component of the overall SRM approach. Security plans are based on the threats identified in the security risk assessment process. We have seen that specific security contingency plans should be developed for particularly high-risk possibilities you have identified.
If the SRA has been done well, you will likely have identified the types of critical incidents or scenarios that have a high possibility of affecting your office or staff in the field. If the contingency planning process has included key staff members who have talked through the actions to be taken in such an event, then it is reasonable to expect that the staff will perform better should the actual event occur. The extent to which these plans are disseminated to all staff and rehearsed in realistic drills will also effect how fast and how well-organized the initial response will be. Because the relationship between planning and response is so essential, it can be difficult to define the exact boundary between the contingency planning process and critical incident management.
In general, we may say that critical incident management technically begins when the event itself occurs, but many of the steps required to manage the crisis effectively must be taken, or planned for, well before then.