Module 10.4 – Information Management

Much of critical incident management is essentially information management. Deciding how much information to report can be difficult. In dangerous field situations where there are many security related incidents, which incidents do you report? In some cases over-reporting can be problematic in that important incidents may get lost in the paperwork, or those receiving the reports may become so accustomed to receiving security reports on so many routine incidents that they fail to distinguish the difference between major and minor security incidents.

So How do you decide which security incidents to report and which ones not to report?

Security incident reporting thresholds

In high-risk environments, many small incidents occur, sometimes on a daily basis. It is not necessary to treat every security incident, or the news of every incident, as a critical incident. It is important to match your response to the need, and to modify the overall reporting level so that in the event of a significant security incident, important details do not become lost in the paperwork. In general, there are three levels of information to consider in your security reporting. There are some incidents that you should:

  1. Report immediately
  2. Include in your next routine or regular security report, even if it is not going out today
  3. Note, but not report

The brief descriptions below explain each of these levels in more detail. Note that this is general guidance for security incident reporting; your own organization may have specific policies or rules which you should follow. Before going to the field you should know to whom or to which office in your organization you should report such incidents.

Report the incident immediately if:

  • The incident involves the arrest, detention, serious injury or death of a staff member.
  • A staff member was injured or property was damaged in a malicious act.
  • Staff had to take immediate actions to prevent possible serious injury/property damage.
  • The incident could have a serious and immediate impact on the safety of staff.
  • The incident involves a personal threat to a staff member.
  • The incident is likely to receive substantial media coverage – your headquarters will not want to learn of this event on the evening news, send your report so that they can better respond to queries form the media that may follow the initial news coverage.

Include in your next regular periodic report if:

  • The incident indicates a general tendency or trends in the security situation.
  • The incident could impact the agency in the medium/long term.
  • The incident involves partner agencies not directly related to the organization’s activities.
  • The incident is minor (no injury/minimal damage) and does not have an impact on the organization’s operations.

Don’t report:

  • Random incidents not involving organization staff or partner agencies that do not indicate a significant tendency or trend.
  • Information that will be seen by government interlocutors or other partners and may make your report seem to be a military or intelligence report.
  • Generally, information concerning intimate matters such as sexual assault should not be reported through ordinary channels, especially when the victim specifically asks you not to do so. Your organization may have special procedures for handling such incidents with confidentiality.


Critical incident management refers to actions that take place after a serious security incident has happened. However, many tools and preparedness measures needed to respond appropriately must be in place before the incident occurs.

The stages of critical incident and response that managers should understand are:

  • Anticipation and pre-emption
  • Initial reaction
  • First steps
  • Establishing control
  • Establishing a routine
  • Post-event activities

Several useful tools and measures should be in place to afford the manager full ability to respond effectively to a critical incident. These include:

  • Contingency plans
  • Rehearsals and drills
  • Standard operating procedures
  • Guidance notes
  • Communications
  • Staff tracking systems
  • Information management systems
  • Operations rooms

Not every security incident is a critical incident and not all security incidents should be reported. In general, there are three levels of security incident reporting that should be considered:

  1. Report immediately
  2. Include in periodic reporting
  3. Note, but don’t report

Standard formats and templates for security reporting can be helpful as information checklists to promote completeness of the report