Example
Example of how the three-tier incident response would operate
This section provides an example of the way in which each team would operate and each plan would be used during an incident.
The organisation, River Bank, is a bank which provides mortgages. The main office, Riverside House, is situated on Tay Street, which runs alongside the River Tay.
In this example ICT and IS work in Riverside House, together with the bank’s Mortgage Application Call Centre, the Finance department and the Credit Control office.
The main Communication Room (which unfortunately is in the basement) is flooded, causing several servers to be damaged and also compromising the electrical safety of the whole of Riverside House.
The Facilities Manager advises the ICT and IS Manager, the Call Centre Manager, the Finance Manager and the Credit Control Office Manager that they should evacuate the building in accordance with the Incident Response Plan and then informs the Health and Safety Manager and the Business Continuity Manager of what has happened and the extent of the damage. The Business Continuity Manager contacts the members of the Incident Management Team who meet at the Incident Room in Glenalmond House and start implementing the Incident Management Plan.
ICT and IS are relocated to Gleneagles House in accordance with their Business Recovery Plan where everything needed has been set up. The management team will establish their own Incident Management Team to manage the operational teams and to liaise with the organisational Incident Management Team. The ICT and IS operational teams can then implement the IT Service Continuity Plan to restore the technology and information service to the affected Business Units.
The critical processes from the Call Centre, Finance and Credit Control teams will relocate to the alternate sites referenced in their Business Recovery Plans (which could include another bank site, working from home, relocating to a Work Area Recovery Facility – WARF) and once there will start working in accordance with their Business Recovery Plans. This might necessitate using the procedure for manual operation while ICT and IS restore service.
As the incident affects the bank’s ability to answer customer telephone calls and release mortgage funds a gold team is established in order to cope with relevant managerial decisions related to the incident. The ICT Director would be part of this team.