Incident or crisis? Why the debate?

Get free weekly news by e-mailBS 25999 has replaced the term ‘crisis management’ with ‘incident management’. Peter Power explains why he thinks this is a mistake.


Anyone reading BS 25999 part one, the new British Standard for Business Continuity Management, will see nothing about ‘crisis management’, but will see a few pages about ‘incident management’ instead. So what? Perhaps you think it matters not what we should call the crucial and rapid intervention point at the acute phase of a crisis? However, it has become very clear since publication of the new standard that many people do feel there is something awry here. Surely the word ‘crisis’ is more precise and accurate? On the other hand, the noun ‘incident’ might be less troublesome to digest for the stakeholders of an organisation affected by a disaster or other risk event. As someone who was part of the small team assembling that draft section of the new standard I know full well that the latter was the winning argument.

I confess to feeling a sense of loyalty to my fellow team members, but they will know that I (and others) simply do not agree that the sudden impact of a disaster hitting any organisation can accurately be massaged into nothing more than just an incident. Why?

Crisis (management) is a precise, honest and eponymous noun. It does not mean out of control, any more than having a sudden puncture of a car tyre whilst driving on the road means automatically losing control. In such a case you have a crisis that jeopardises your task (i.e. driving in a straight line) and which needs immediate action (i.e to control the vehicle, stop it hitting anyone else and steer it to the side of the road ASAP). From then on it’s recovery. I think you can draw some parallels with a possible business disruption? To quote the Concise Oxford English Dictionary a crisis is ‘a time of intense difficulty or danger’. It’s short lived and requires special skills to respond. On the other hand, incident is defined as ‘an event or occurrence’ and therefore can mean just about anything over an infinite period of time.

Just suppose for a moment that your organisation has been responsible for some perceived tragedy that ruins the livelihood of several people, or worse still. TV news crews report vivid images and interviews from the scene and then turn to your organisation for reassurance that you take the crisis seriously. But the perception is that you do not. For you it’s just an incident; and as a result you appear out of touch, uncaring and aloof from reality. It seems you are more concerned about spin than honesty. In such a scenario your corporate reputation could collapse due to unsympathetic reporting and subsequent public anger.

When my company runs any crisis management workshop we do advise people to use the obvious noun ‘crisis’, but not to call themselves a ‘crisis team’ when the acute phase has been dealt with and the organisation is well into recovery. The latter does undoubtedly send the wrong message to stakeholders. But to pretend at the very outset that there is no intense difficulty or anything causing a serious problem by giving the event a deliberately vague title in order to spuriously assuage any stakeholder fears is I suggest, rather disingenuous.

It’s more from the recipe book of the archetypal spin doctor Alistair Campbell than say, Sir Michael Bishop. Bishop, as head of BMI, handled the scene of the Kegworth air crash in 1989. His honest and accurate assessment of the crisis actually resulted in more people subsequently flying with BMI than before. Would that have happened if he denied the obvious and just said that the disaster was nothing more than an incident to him?

It’s also a bit like the case in 1997 when interviewer Jeremy Paxman on BBC TV asked Michael Howard (then Home Secretary in the UK Government) a blatantly simple and very obvious question requiring a ‘yes’ or ‘no’ answer. But Howard, following a spin doctor’s guide and in front of millions of viewers, assumed the obvious did not apply to him. Better to obfuscate and use words that he felt might reduce the severity of the real event. The question was repeated no less than 12 times without a resulting clear answer. Howard looked dishonest and ridiculous. The interview is now famous in the annals of TV history and the clip has been repeated many times: presumably, much to Mr. Howard’s embarrassment.

In a crisis nothing should hinder a first and immediate reaction phase (sometimes referred to as jumping from ‘slow time’ to ‘quick time’), albeit it is a finite period only, since the aim is to move to recovery (if applicable) as quickly as possible. The term crisis in this sense, does not mean the organisation is unable to cope. Far from it.

Crisis, rather than incident, refers to the acute crisis phase with the unique pressures and demands that suddenly appear at the beginning of any likely calamity. However, it is key to note that what descriptive term is used to highlight these first vital activities is not in itself the single most important feature. What is important is to understand what the first vital activities actually are, although these are better achieved by being honest with yourself.

In some cases where no physical impact is caused (e.g. damage to reputation alone) crisis management ‘quick time’ tasks, such as preparing a media holding statement as quickly as possible, will be the only aspect of a business continuity plan which will need to be triggered.

A crisis management plan should be frequently rehearsed, feasible, relevant and very easy to read. Apart from the main written plan(s), many organisations condense advice on dealing with these first critical stages into pocket sized cards that not only list contact details, but logical flow charts, matrices and other aides to ‘quick time’ crisis decision making; very often for use at strategic or board level. Irrespective of the size of an organisation, the primary aim of crisis management is I suggest, to do the following:

* Respond to what is happening now without wasting disproportionate time on getting 100 percent accuracy on the cause of the crisis. This may prove impossible, in any case.
* Assess the situation from inside and outside the organisation as all stakeholders might perceive it. In this sense perception equals reality.
* Identify the immediate / probable impacts and subsequent consequences and get ahead of them. Otherwise, the organisation merely becomes a voyeur to its own destiny and that will be shaped by others and not you.
* Take direct actions to contain the likely or perceived damage spread (this includes reputation, brand protection and so on).
* Identify and activate, without any delay, obvious features of the business continuity plan which are needed to cope.
* Encourage decision makers to take bold and prompt actions tempered if anything, by over reacting (within a previously agreed response structure) rather than under responding.

Sometimes there will not be an obvious demarcation line between the crisis management and other connected business continuity phases. Moreover, the same personnel may participate both in the crisis management and business continuity teams (in the case of small organisations this is especially so). But whatever the size of the business the key is to recognise the difference between the need for rapid crisis assessments and achievable directions at the start, followed quickly by appropriate containment and recovery actions.

In this sense I cannot see any advantage to be had by pretending to calm or dilute the dramatic phase of any sudden business calamity simply by calling it an incident rather than a crisis; as if just doing this makes it better and fools observers. 'Crisis' remains a useful and important term, in my opinion.

Peter Power BA FCMI FEPS FIRM FBCI is managing director of Visor Consultants Limited, London. He regularly helps organisations to plan and deliver highly successful scenario based exercises as well as workshops, leadership courses and motivation sessions. He often appears on BBC TV and other news broadcasts discussing crises and has considerable front-line experience. His research on crisis decision making is quoted in the UK government (Cabinet Office) Guide on Integrated Emergency. He is a special advisor to a number of key organisations including the Canadian Centre for Emergency Preparedness and the Business Continuity Institute London Forum. He is, in addition, a special advisor to the editorial board of Continuity Professional Magazine in the USA and is listed in the UK Register of Expert Witnesses.


Make a comment.

Reader comments

I enjoyed reading Peter's article and once again he combines some thought provoking material with witty analogies and a bit of historical context, but despite those commendable attributes, I submit that he glosses over the key issue in his article.

BS 25999 is a standard and there is no room for ambiguity or subjectivity in a standard, hence the need to review the term ‘crisis management’" prior to the publication of the British standard.

Despite Peter's supply of the Oxford Dictionary definition of a crisis, that doesn't actually assist in truly defining a ‘crisis’.

I believe that one thing may be said about that defining process with a degree of confidence, one person's ‘crisis’ may be just a problem or an incident to another ‘person’. Following that logic, I suggest that not all business continuity incidents are a crisis, but I do agree that a poorly handled response to an incident has the potential to become a crisis.

One simply has to flick through the lessons identified from some recent events and public inquiries, such as the tragic events at Hillsborough football stadium, to find evidence to support that theory.

This then comes back to my previous point, that there is no room for ambiguity in a standard. All crises (within the context of BS 25999) are business continuity incidents and organisations have to perform certain processes and have regard to some important considerations during the response phase to those incidents, such as protecting the staff member's health and safety.

The preparations for these incidents must be documented and do-able and the measure for this will be expanded upon within BS 25999:2.

I fully accept that some business continuity incidents move straight into the realm of a ‘crisis’ by the sheer scale of the incident, one such example of this could be the explosion at the Buncefield oil terminal. But once again the issues of subjectivity and ambiguity arise and at the risk of being tautological, they have no place in a well considered and achievable standard.

Peter alluded to the theory that the term ‘crisis’ promulgates a fear of failure or inability of resolution, not a theory that I've personally encountered, but if true, possibly another good reason to avoid the term.

I understand Peter's reservations, but there is nothing in BS 25999 that states that people should not use the term crisis, it was just felt that the term created more issues than solutions and that it was too subjective.

And there is another important point that Peter acknowledges in his article, it is the training, education and testing of the skills required to face these challenges that is the really important element in all of this debate. I am in total agreement with Peter's position in relation to those areas.

One of my favourite quotes on this aspect, is provided by Dr Patrick Lagadec of the European Crisis Management Academy, who stated in 2003:

"One cannot predict the unpredictable or guess the unguessable, all one can do is train and prepare to face the challenges that these events will present us with."

I think that a debate about what we should call the process of incident management may be an unnecessary distraction from this main point.

In conclusion, with due deference to Peter, I am minded of a Chinese proverb, which seems quite appropriate to this debate:

"If it looks like a duck, swims like a duck and quacks like a duck, then it's probably a duck!"

Kev Brear
Business Continuity Manager

I can't disagree more [with Peter Power]. Emergency services worldwide respond to incidents that involve mass casualties, property loss and massive disruption (bushfires/wildfires in Australia and the US are a great example). They don't refer to them as a crisis. We in the BC world need to adapt the emergency services approach that problems (incidents) occur all the time, but just in different scales. A fire service will respond the same to a garbage bin fire as to a Buncefield fire - it's still a fire. Managers daily deal with IT interruptions, staff calling in sick, customers complaining. A significant incident is the same issues magnified. The BC professional needs to drive a message that ‘it's normal operations in abnormal circumstances’. You don't want to see your fire chief looking like the worlds about to end, so why do you want your Execs to do this?

Sean O'Brien MRMIA
Risk Manager

Good article. While the terminology may be a semantic discussion to some people, for those of us in the information technology area the distinction is important. If you look at ISO 20000 or BS15000 (the international standard for information technology processes aka ITIL) you will see that part one of the key service support processes is ‘incident management.’ In these standards an incident is defined as ‘any event that is not part of the standard operation of a service and which causes or may cause an interruption to, or a reduction in the quality of that service’. In most organizations incidents are handled as trouble tickets: think about the last time you called the helpdesk to report a computer problem, that was an incident. Mature IT departments will establish thresholds for the type or quantity of trouble tickets in which escalation beyond the standard incident management process is required. Many organizations use the term crisis management to explain all activity beyond this threshold point. It would be appropriate to apply the BS 25999 standard to these situations.

Using the term incident management instead of crisis management will only cause more confusion.

Author requested to remain anonymous

I'm aware that Kev Brear has very ably commented on Peter's article, and I do not wish to detract from his response. I'd just like to add further thoughts in explanation of BS 25999.

Firstly, not all interruptions (actual or potential) are a crisis. Therefore, the standard would have required a precise differentiation between 'incident' and 'crisis', and a definition of the process by which you switch from incident management to crisis management (and which would then have invited definitions of 'emergency', 'disaster' etc). The committee felt this created more problems than it solved.

Secondly, the standard very clearly recognises that some incidents will be called a crisis straight away due to their 'profound disruption to the organisation's objectives (commentary note on 3.7.d)'. It also clearly states that organisations might choose to call their response structures 'crisis management'(8.2.2). It is not as though we have hidden or banned the term.

The British Standard is deliberately written for all organisations, of different sizes and differing BCM maturity levels, and so we tried very hard to keep concepts as simple as possible.

Like Kev Brear, I believe that the capability of the response is more important than the term used. It is not a fact that to use the word incident implies 'spin', or 'dilution', or 'pretending'. That is simply Peter's opinion, which the Committee received at the time, and which was considered as seriously as the hundreds of other responses.

We will undoubtedly return to this debate many times over the next year or so, which is to be welcomed as we continually revise and evolve the world's first true standard on business continuity. I thank Peter for his ongoing contribution to that evolution, and for his passionate support of BCM.

Chris Green
Chair, BSI BCM/1 Technical Committee

In response to Peter Power's article, I would have the following to say.

Incident management defines structures, roles and responsibilities for managing adverse events. In our part of the world, we have the Australian Interagency Incident Management System, and the New Zealand Co-ordinated Incident Management System. In the US they have the Incident Command System.

These Incident Management Systems (IMS) have been accepted as best practice for organisations responding to, and recovering from, events that cannot be managed using routine organisational management systems. The agencies that have adopted an IMS relevant for their country usually include the emergency services, military, local government and any other public sector agency that has a role in response and/or recovery.

Increasingly, private sector organisations are recognising that it is beneficial to develop plans that are aligned and/or compatible with their country’s IMS because it will allow them to better interoperate with other agencies.

Consider, say, a University that may have significant emergency service involvement when responding to an event. The response effort with be significantly improved if the internal University response utilises compatible structures, roles and terminology to the emergency services - it knocks down the barriers.

As an emergency management consultant, our clients easily recognise the benefits of utilising nationally recognised guidelines for structuring response and recovery efforts - primarily for benefits of increased interoperability and understanding (as all organisations involved use similar terminologies and have similar roles). They also recognise that is it counter-productive to develop their own management system that will be inconsistent with other organisations that they may have to work with.

A crisis, in the context that Peter presents it, is fine for an organisation to use to respond to adverse events as long as they are not going to be working with other agencies - especially public sector organisations. However, given the widespread adoption of IMS by the public sector as the response/recovery management system of choice, it is to be expected that incident management will be the system of choice when any co-ordinated inter-agency approach is required for response and recovery. Even the potential of having to utilise IMS in some events, is moving organisations to adopt IMS as their internal management system of choice for adverse events - just in case they have to interoperate with emergency services, local government etc.

In the end they are just words, and are often used interchangeably. The reason 'incident' is becoming increasingly adopted is because of the connection to formal Incident Management Systems that are defined in many countries. It is nothing more than the acceptance of best practice.

Gavin Treadgold - Director
New Zealand

When asked by the media what action an organisation were taking I think I would prefer to refer to our ‘Incident Management Plan’ rather than our ‘Crisis Management Plan’ – irrespective of the internal difficulties, I would rather the outside world (and to a large extent the internal world too) are given the impression that the world had not stopped and everything was under control.

I come from the world of Occupational Safety Management and discussion regarding similar terminology took place amongst ‘experts’ twenty tears ago. Surely the objective is to establish universal terminology that is simple to understand – especially by those not in the clique, without trying to rewrite the dictionary.

Steve Granger

Peter's comment above "To pretend at the very outset that there is no intense difficulty" needs some examination since it assumes that scale of an incident is clear and known at the outset. This is only rarely the case - incidents do escalate over time and there is often limited information at the outset to assess their scale. Yet if the 'crisis' management Team kicks in only when the incident has reached obvious crisis proportions vital time may be lost. Because of the nature of incidents it is impossible to define unambiguously rules to define what is or may become a crisis.

So does the name matter? Following an incident of indeterminate impact a client of mine spent several hours discussing whether to invoke its 'critical incident team' - being unsure whether the situation was a 'critical incident' or not. Similarly notification of a 'crisis' team may be significantly delayed if there is some doubt about whether it has become or will become a 'crisis' situation.

In retrospect we can always recognise that a crisis occurred but to those trying to deal with an immediate situation it may not be obvious. Those dealing with the problem may be reluctant to cry 'wolf' - (or 'crisis') but will be more comfortable phoning the duty director to inform them of an 'incident' giving early warning of a situation that has the potential to escalate.

Ian Charters, FBCI

All crises are incidents, but not all incidences are crises. I handle most incidences that are not a normal operation, whether planned or unplanned, whether a crisis or emergency or a planned event, with the same toolkit. I know that my background in emergency response colors my thinking, but if we plan and train the same way for every incident, we will be more likely to be doing what needs to be done at any incident, no matter what you want to call it.

Lt. Sunshine Lemme, MS

As a consultant of many years with various levels of government in Canada I have found that the simple rule of thumb is summed up by the following.

- 9/11 was a tragedy – loss of lives or injury to persons or relationships
- 9/11 was a disaster – loss of physical assets (including IT) or wealth
- 9/11 was never a crisis because Rudy Giuliani performed top notch crisis management to prevent the ‘incident’ from getting out of control or appearing to be out of control.

The actual or apparent loss of control would have been a crisis.

Now you can debate whether Rudy Giuliani succeeded by being a spin doctor or by being open and truthful. And we all know of the post 9/11 criticism for lack of preparedness and lack of attention to air quality. Nevertheless, at the time, he prevented the appearance of being out of control, even when the emergency resources had reached their limits.

In processes to manage BC and other interruptions/disruptions we impose two distinct teams

a. an incident management team – to manage fixing the problem, recovery, etc
b. a crisis management team – whose job, from the very beginning, is to manage the situation so that it is not a crisis.

The definition I keep running across in government is:

Definition: A crisis is an event, revelation, allegation or set of circumstances which threatens the integrity, reputation, or survival of an individual or organization. It challenges the public's sense of safety, values or appropriateness. The actual or potential damage to the organization is considerable and the organization cannot, on its own, put an immediate end to it.

Remember, if an allegation has been made from a credible source, or appears in a credible media outlet, it does not have to be true in order to be damaging. A serious allegation must be treated with as much importance as if it were true, because it has the potential to be believed.

It seems to imply that crisis is really about ‘real or perceived’, ‘actual or potential’ and ‘open endedness – no sense that people know how to end it’ and that these conditions need to be managed to meet expectations of ‘safety, values and appropriateness’.

Writer requested to remain anonymous

I am very pleased that my article has stirred some interesting reactions. That was the idea. As Oscar Wilde once said ‘there is only one thing worse than being talked about and that is not being talked about', in which case this debate is entirely healthy. Oddly enough, more people have emailed me directly with their views than have actually appeared on the comments section. I’m not sure why, but I strongly suspect this is because many organisations seem to forbid employees from voicing openly, any constructive opinion. If so, it tells me there are many uninspired corporations out there.

Some comments to me reflect very naive and sometimes bizarre views that reinforce just how risk averse many people / organisations are and how very few people have been exposed to the sort of dramas that I was referring to. Ones where people actually get hurt.

In a world where the extraordinary has become commonplace and the unexpected is now regularly anticipated, I think it’s time to use useful guides such as BS 25999 to stimulate rather than replace original thought and to share ideas more than ever before.

I thank all those who have bothered to contribute to this debate.

Peter Power

Date: 13th March 2007• Region: UK •Type: Article •Topic: Crisis management
Rate this article or make a comment - click here

Copyright 2010 Portal Publishing LtdPrivacy policyContact usSite mapNavigation help