Inside IT security: Why your company needs an emergency manager

What is an emergency?

Which events constitute an emergency varies from company to company and is defined in an emergency plan - preventively, of course. In an emergency, it is too late for this. A process is then required that determines when an emergency has occurred and whether the steps defined in the emergency plan are initiated.This may sound "typically German" at first, as if an emergency first has to be officially declared. In fact, this question is not trivial. There is a real risk that an event and its consequences will be underestimated in the operational business. This means that time is lost that would have been better spent on countermeasures and setting up emergency operations.

What skills does an emergency manager need?

The emergency manager plays an important role in crisis prevention and the implementation of emergency measures. In smaller companies, this should usually be the business owner, in larger companies an employee (also think of a deputy!) who takes on this task. They are responsible for the emergency measures and the emergency documentation. They should be the first point of contact in the event of an emergency. In order to be able to fulfil these tasks, they must be given the necessary authority by the management. If the emergency plan stipulates that three employees from one department must immediately take action in another in the event of an emergency, it should be sufficient for the emergency manager to refer to the occurrence of the special situation. A scramble for competences would be anything but useful in such a situation. The emergency manager should not only enjoy the authority and trust of the management, but also be able to handle the task with the necessary amount of emotional intelligence.

In the event of an emergency, he or she is the first point of contact for all those involved and reports to the management. Regardless of how operational management is organised in a company, there will be established management processes and roles in a company that are responsible for the respective specialist area (e.g. production management, IT management, etc.). They will continue to be the first point of contact for incidents and events at line level. The technical qualification of this management level serves as the first filter for determining the extent of a fault. If the management of an area realises that the events go beyond an expected level, it notifies the emergency manager. Ideally, all reports should come directly to the emergency manager, who has the overview to judge whether a further escalation level needs to be selected.

Better to be overcautious than careless: report suspected cases

Colleagues must not be afraid to inform him if they are concerned that an incident is threatening to escalate. Every firefighter will always confirm in a personal conversation that it is better to call the fire brigade once too often than once too little. It is precisely this conviction that must prevail in a company when it comes to emergency management.

24/7

Crises and emergencies do not take business hours into account. It is important to ensure that the emergency manager can be reached. The easiest way to do this is to purchase a mobile phone for the position, the number of which is known and documented throughout the company so that the emergency manager can be contacted quickly.

Practical example

System administrators notice that there has been a malfunction on the server used by the company's ERP system. They are on the trail of the malfunction and have informed the IT manager. As this is a system that is listed in the company's emergency planning, but is categorised as less critical as there is a fairly long maximum tolerable downtime, the emergency manager is informed. He will assess the further progress in remedying the problem and keep an eye on the recovery time for an emergency operation.

The emergency manager is responsible for emergency planning and initiating measures.

At the latest when several departments or specialist areas are affected by an incident, especially if it involves a process worthy of protection, the emergency manager's resources reach their limits and a proper crisis team is required.