While every critical incident is different, many elements of a successful response are common to all. It can be helpful to consider the sequence of events in a crisis as successive stages, each with its own priority actions.
The section below outlines six successive stages that apply to most critical incidents.
1) Anticipation and pre-emption
While technically completed before critical incident management begins, this first phase sets the context for you as an incident manager. It will give you ready-to-use tools for an immediate response should an emergency situation occur. Previous modules have already detailed the value of completing the following measures before an incident occurs.
– Threat and risk assessment
– Implementation of mitigation measures
– Contingency planning
– Briefing and rehearsals
Once a critical security incident occurs, what must you, as a manager, do first?
2) Initial reaction
Imagine that a bomb blast or a rocket attack has just occurred, or you have just received a panicked radio call from your field team’s vehicle driver saying that they are coming under hostile fire. A critical incident has happened or is happening; what do you do now? The first few minutes are critical; what has to be done first? Before you do anything, pause and take a deep breath. Get control of yourself—a panicked manager will only contribute to the chaos of the situation. You will first want to determine:
– What information you need to know right away? What essential pieces from the story are missing? Remember the key words: what, when, where and who (which for you will include knowing which of your staff members, if any, are involved). Why and how may not be immediately answerable but will come later.
– What decisions need to be made, and when? Does the decision need to be taken immediately? If so, then don’t delay. But if not, the quality of the decision may benefit from further time for reflection and gathering of facts. Studies of past responses to critical incidents show many cases where quick managerial decisiveness was exactly what was needed, but also show others where hastily made decisions only added to the confusion. First deciding what you need to decide can be a wise investment of time.
– Who needs to be notified immediately? You will be ahead of the situation if you have asked and answered this question already during your planning process.
3) First steps
If you are directly involved in a critical incident, the most immediate measure is always to save lives—your own and as many others as you can. You will also be working to limit the extent of the damage. This may mean putting out burning fires, keeping unaffected staff members and others from entering unsafe situations, using first aid to keep injured staff from dying, limiting movement of staff to reduce overall chaos, assigning (or re-assigning) needed tasks, and other measures to maintain an orderly and effective response.
After saving life, your next priority is usually accounting for all staff for whom you are responsible and confirming the identity of any casualties. Equally important at this stage are immediate actions to protect other uninvolved staff from being affected by the incident,
e.g., by sending a warning or restricting movement as necessary. Your initial communications should be to those most able to help you (normally first-response authorities) and to those who need to be alerted to prevent them from becoming involved (e.g., your staff and partners).
If you are managing a critical incident from afar, or simply receiving the information from the field, it is important to remember that the priority to save lives takes precedence over your need for information; you may need to give colleagues time to handle the situation before they can report accurately. Nevertheless, an alerting report should be provided as soon as possible, and should include information on any staff members involved, measures taken to protect other staff and immediate support needed.
4) Establish control
Establishing control means gaining the initiative in the response so that you and others are not constantly responding to the next urgent request or need, but rather, taking proactive measures in order to reduce the overall chaos of the situation into a logical system of response.
This lets you set priorities and assign responsibilities so that important activities are not overlooked while the crisis team responds to the urgent issues relating to the incident. During this phase, you should:
If MEDEVAC is required, both medical and logistic experts will need to be consulted.
5) Establish an incident management routine
For serious incidents resulting in multiple casualties, significant delay of operations, or an investigation, the overall crisis response will begin to take on a routine of its own. The response dedicated to the incident and its results may take weeks, months, or longer. Dealing with family members, media reporters, and local and international authorities can become a full-time job for some members of the office. It is best to recognize this possibility from the beginning and to assign adequate resources. The key to managing the overall operations in these situations is to keep other important and ongoing activities running as well as possible, and to divide the responsibilities of the staff to keep all from being consumed by the critical incident response.
To do this, you will need to:
Once a critical incident is past and special response procedures begin winding down, where do you focus your attention before returning to “work as usual”?
6) Post-incident stage
The critical incident management stage will eventually come to an end. Slowly but surely, life will return to its normal pre-incident pace and activities. It is important at this time to reflect on what has happened and to document procedures that worked well and those areas where further improvement is needed to be ready for future incidents. Remember that the incident will very likely change your threat and vulnerability analyses, and your day-to-day routines. You may never return to the same working norms that existed before the incident due to changes in your security procedures, and possibly your field program designs. Specifically you will want to: