This step is not included in the 6 step model which I set out at the start of this series, however during my research I was directed to this post by Steve Armstrong. In it he mentions:
“Assessment and Engagement (<— new stage for assessing the impact of the incident and working with legal and external support staff to develop a per incident response plan)”
[all credit to http://www.crisisplanningroom.com ]
When I read this a little bulb switched on!
This is obviously a vital part of the investigation and try as I may, I couldn’t quite fit it into the other 6 steps. Instead, I would like to be a little bold, and talk about my interpretation of step 2a.
Too often IR teams will burn ahead to ‘resolve’ the incident and get back to normal operations. This is what the customer wants, but not necessarily what the customer needs. In the same way you may want the car mechanic to service your car; that is what you want. What you may need is a new steering column and you trust and listen to the mechanic when they tell you that if it isn’t done something really bad could, and probably will, happen.
Bringing in external resources can also make the customer feel uneasy, it may be they want to keep this incident quiet until they have a handle on it and their PR staff can put a positive spin on it. The more people who are out of the customers control, who know about this, increases the risk of a leak.
What can we do about that? Be professional! Simple as that; if the people we bring in are also professional, then the customer’s secrets are safe.