Improving your response to major incidents through a well-structured operating model

An operating model, with an agreed strategy from the outset, will provide the foundations for a flexible response, capitalising on an effective organisation and team structure, with well-trained people, an agreement on which departments to recover as a priority and what technology and data is required.

In our previous perspective we highlighted operating model design as one of five key areas to help align your incident response capability to your strategic goals.

Target Operating Model for Crisis Management and Business Continuity

Confirm the overarching response strategy, with clear values, to provide the structure for the response.

Ensure you know your organisation’s priorities for response, your vision for success and the values you will adhere to. You will no doubt have corporate values so you need to demonstrate how response activities/decisions align with and demonstrates these. Flexibility is critical and leaders need to be open to change and able to switch direction as the situation dictates. 

An example of a poorly executed strategy was during the Volkswagen Emissions Scandal in 2015. Staff acted without a clear, co-ordinated response strategy at all levels and as a result, customers were treated inconsistently and the response was full of contradictions.

Confirm which teams are involved from a tactical, operational and strategic perspective. 

This is your response structure and outlines how your teams are set up to respond. There is a need for seamless communication, coordination, escalation and leadership to bring the incident under control to a position where you can turn the disruption into an opportunity.

In the public sector, and many organisations, this often follows Gold, Silver and Bronze command structures, others refer to Incident Response, Crisis/Incident Management and Business Continuity teams.

Confirm which people will be involved at all levels of the response and ensure training programmes are in place to build confidence and manage the change over time.

Roles need to be flexible, depending on the incident, but must align to pre-agreed response teams and strategies. There needs to be a combination of strategic decision makers and “doers”, heavily involved in assessing the situation, solving the issues at hand with the authority to make decisions and the ability to look ahead to predict how the incident could progress (horizon scanning).

An example of the different roles across a communications response was demonstrated during the recent TSB IT failure in June. The bank hired over four hundred extra complaints handling staff to provide a consistent message to customers (Bronze/tactical activities), whilst leadership responded to the media and answered questions from the Treasury Committee (Gold/strategic activities).

Exercising and training different individuals and teams will be critical to validate planning assumptions, ensuring stakeholders are familiar with the strategy and how they align to it.

Confirm which departments to prioritise during the response. 

It is essential to understand, through a Business Impact Analysis, which of your departments are most critical to your organisation following a major incident. Looking at the impacts on the organisation, if certain departments were disrupted, would give you a great indication of which ones to prioritise during a response.

For example, when recovering major IT systems, is your Marketing department as critical as your Customer Services, is Finance as time critical as Sales.

Confirm how your teams will use technology and data to monitor incidents and manage a response.

Knowing where information can be sourced, which technology your business is dependent on and how to use it during a response will greatly advance your capability.

In the example of TalkTalk in 2015, customers were upset by the lack of clarity during the incident whilst response teams worked to understand, assure and translate huge amounts of data and information to drive internal and external decisions. Having access to early and accurate data on the impacted customers could have supported a more coherent response strategy, across all levels of the response, with greater clarity for all.

Examples of technology, which can speed up the response, include staff notification systems, share point sites, monitoring systems, social media, collaborative technology, conference / video calling etc. 


Focusing on your strategy, response structure (organisation), people, departments/functions, technology and data will put you in a proactive position to respond to major incidents and build resilience across the organisation. This approach will be fundamental to help build the foundations of a resilient organisation.

If you would like to talk to us about establishing a fit for purpose operating model for major incidents, please don’t hesitate to contact us at

Media Enquiries
For more information please email