Create an incident response plan

A workplace accident or emergency can be a traumatic experience and have a devastating effect on you, your staff and your business.

Having a plan for what to do in these situations can help ensure the continuity of your business.

What is an incident response plan

An incident response plan is a tool used to prepare your business for a disturbance or emergency. It is designed to reduce potential harm and damage to you and your business.

An incident response plan explains:

  • what actions need to be taken
  • how these actions will be completed
  • who will complete them.

An incident response plan is different to a crisis management plan, which deals with an incident that is out of control despite the incident response plan being actioned.

The incident response plan is a key component of your business continuity plan.

Thumbnail of business continuity planning Word template

Business continuity plan template

The business continuity plan template includes an incident response plan section.

Download the business continuity planning template.

Managing priorities during an incident

During an incident or emergency, you may be faced with many issues happening at the same time which all need to be managed. A well-developed incident response plan will help you prioritise and delegate tasks during an emergency situation.

When developing your plan, consider how you and your staff will respond to:

  • physical danger—this is your first priority. Make sure everyone on your premises is safe and receives medical attention if needed.
  • feelings of stress, confusion or anger
  • intense or negative media attention
  • intense or negative responses from your stakeholders
  • limited time to make decisions
  • key staff being unavailable
  • interruptions to your key business operations.

What to include in your incident response plan

A typical incident response plan includes the following items.

Create a checklist for the first actions you'll take when actioning your plan. This may include:

  • evacuating and contacting emergency services
  • ensuring everyone on your premises is accounted for
  • briefing staff
  • identifying immediate damage.

Clearly explain how people will evacuate your premises. This may include:

  • a floor plan of the site
  • an evacuation map with meeting place highlighted
  • key contact names and phone numbers
  • a staff and visitor log for the day
  • a log of people present for completion once in the evacuation meeting place.

An emergency kit is a pack of important items, documents and equipment that you may need in the event of an incident or emergency. Keep your kit somewhere easily accessible so you can grab it if you need to leave quickly or evacuate.

A typical emergency kit contains:

  • checklists for potential disasters (e.g. cyclone, severe storm, flood, bushfire, IT threat)
  • first aid supplies
  • torches, radios and batteries
  • key computer data backed up onto an external hard drive or USB
  • key contact details (e.g. staff, emergency services, your accountant, power and water companies)
  • important business files (e.g. insurance policies, your business continuity plan, financial documents)
  • other items you may need (e.g. signs, beacons).

Clearly define which staff will be involved in an incident response, and what their duties will be. This may include

  • nominating an incident response team leader
  • identifying key roles and who will fill them
  • defining the responsibilities of each role.

Develop a list of important contact information. This may include:

  • a list of internal contacts (e.g. staff)
  • a list of external contacts (e.g. security services, insurance company, utility companies)
  • emergency services contacts.

Use an event log to record information, decisions and actions during and immediately after an incident. This generally includes:

  • the date and time something has happened
  • details of the decision you are making, or action you are taking
  • who was involved.

Work-related death, a serious injury or illness, or a dangerous incident

If an injury, illness or dangerous incident has occurred in your workplace you may be legally required to notify Workplace Health and Safety Queensland (WHSQ).

Learn about reporting incidents to WHSQ.

Storing your incident response plan

Consider how you might need to use your plan in an emergency and who might need to access it. Make sure you and other key people can access your plan both on-site and off-site. You could:

  • keep a copy of your plan in the cloud
  • keep a copy in another location
  • use incident management software
  • use internal apps or platforms.

Incident response team

Consider who is the best person to be your incident response team leader—as the business owner, this may not always be you. You may prefer to delegate this responsibility to a trusted senior staff member who:

  • has prior experience
  • is more regularly at your premises
  • you can train to take charge.

Following an incident, employees critical to your business will need to focus on continuing the business, dealing with suppliers, customers, and other key stakeholders such as banks and insurance companies.

When planning your emergency response team, ensure you have suitable people in roles you know they are comfortable and can perform well in. Multiple roles can be performed by the same person if needed.

Even though your business may have a thorough incident response plan, emergency services may assume responsibility during an emergency situation.

Roles and responsibilities

Role titleKey responsibilities, training, and notes
Incident response team leader/s
  • Takes responsibility for activating the incident response plan and critical tasks
  • Communicates with emergency services
  • Makes decisions where needed
  • May be multiple people depending on the nature of the crisis
Assessors
  • Assesses the impact of the crisis on the business
  • Trained in risk assessment
Skilled team members
  • Solves problems where needed (e.g. how to shut down machinery, clean spills)
  • Trained in their own discipline, profession or trade
Spokesperson
  • Assumes the role as the public 'face' of your business
  • Talks with the media and calms fears
  • Gives customers confidence to return or keep buying from your business
External advisers
  • Insurance companies
  • Accountant
  • Legal services
  • Security
  • Human resources

Post-incident review

Review your incident response procedures after an event or training session to identify gaps or areas where you can improve. Ask for feedback from everyone involved in the incident or training to ensure you pick up on issues from all areas of the response.

Incident response case studies

A fire breaks out in your business, but the staff member who is your appointed fire warden is on leave. Due to regular incident training, you had identified this as a potential risk, and had trained a backup fire warden to carry out the incident response plan.

The plan involved:

  • calling 000
  • conducting an emergency evacuation
  • conducting a head count to ensure all staff and visitors were out of the building
  • directing when and how fire extinguishers and fire blankets were to be used and by whom.

Ensure all staff are fully trained in your incident response plan, and know how to follow it should an incident occur.

Conducting regular practice drills within your workplace (e.g. a fire drill) will help all staff know the steps to take when an incident occurs. It will also help you to identify areas that need improvement, and make tweaks to your plan.

A small business had a ransomware attack on a computer. Ransomware is a tool used to encrypt or lock computer data until the business pays money to the attacker.

The business incident response plan included a checklist of immediate steps to take including:

  • removing the computer from the network to prevent the spread to other computers and devices
  • backing up all files regularly to allow them to be downloaded onto another computer with no ransomware
  • contacting external technical support to remove the ransomware
  • checking for breaches of data security through an external specialist
  • reloading backed up files to the cleaned computer
  • conducting a post-incident review.

Read more about online risks and IT security.

Also consider...