Best Practices for Incident Management in Physical Security

Governance is essential for incident management. When executed correctly, it provides the framework, policies, and procedures necessary to effectively respond to and manage security incidents.

How prepared is your organization to handle an incident in a timely and efficient manner?

Good governance can help ensure that an incident response plan is in place and that everyone involved knows their roles and responsibilities. It also helps to ensure that the right resources, including personnel and technology, are available to respond to incidents in a timely and efficient manner as they occur.

Four ways to maximize the role of governance at your organization:

  • Develop Effective Communication
  • Build Strong Partnerships
  • Test, Test, and Test Some More
  • Commit to Continuous Improvement

Let’s review each of these aspects of governance in more detail.


Develop Effective Communication

Effective communication is a critical component of good governance, especially when it comes to incident management. Some key considerations for creating effective communication as part of governance are:

Define clear roles and responsibilities

All stakeholders, including members of the incident response team, senior management, and relevant departments, should have clear and well-defined roles and responsibilities. This will ensure that everyone knows what they need to do and when they need to do it.

Establish communication protocols

Establishing clear and effective communication protocols can help to ensure that information is shared quickly and efficiently during an incident. This may include:

  • Defining a chain of command
  • Establishing a common terminology
  • Providing clear guidance
  • Determining what types of information should be shared and with whom
  • Identifying a shared medium for messaging

Foster a culture of open communication

Encouraging open and transparent communication can help to build trust and ensure that everyone involved in the incident response is working together effectively. This may involve regular status updates, open forums for discussion and feedback, and a commitment to transparency in the reporting of incidents and their resolution.

Plan for external communication

In addition to internal communication, it’s important to plan for external communication, such as with customers, regulators, and the media. Having a clear crisis plan in place for how to communicate with these stakeholders during an incident can help to minimize damage to the organization’s reputation and maintain customer trust.

By incorporating these considerations into governance for incident management, organizations can ensure that communication is effective, efficient, and consistent, and that everyone involved is working together to minimize the impact of security incidents.

Build Strong Partnerships

Governance can help demonstrate to stakeholders, including customers and regulatory agencies, that the organization takes security seriously and is taking steps to protect sensitive information and assets. This can help to build trust and confidence in the organization, which is essential for maintaining a strong reputation and preserving customer loyalty.

Make sure that you are including both internal and external partnerships. Some examples of external partners to consider may include:

  • Local emergency responders
  • Sourcing providers
  • Business recovery sites
  • Backup production facilities
  • Local officials needed for permitting
  • Experts needed to problem-solve during a crisis
  • Local catering services
  • Mental health resources
  • Customers needing to be contacted during an incident
  • News media

The reality is that if the first time you ever contact these individuals and organizations is during a crisis, it will take longer to get help and support. Building strong partnerships will make the difference between mitigating and extending the impact of an incident. Having a clear plan in place for how to communicate with these stakeholders during an incident can help to minimize damage to the organization’s reputation and maintain customer trust.

When it comes to internal relationships, things like company events and celebrations can help connect people to one another. This should happen both informally and formally through structured introductions and internal networking.

Ask yourself the following questions:

  • Who are your stakeholders in the plan?
  • How will you build and maintain relationships with these people?
  • Who needs to be connected through an introduction?
  • How are we keeping the contact information of each of these stakeholders up to date?
  • Who is responsible for making changes to the governance plan when there are changes in people or roles?

Test, Test, and Test Some More

The first time you have an incident in your business should not be the first time you are reviewing your governance plan as it relates to that incident. Whether it is a cyber incident, a physical security incident, an environmental issue, or something else, it is critical that your team has reviewed and practiced their response.

The last thing you want during a crisis is someone struggling to find a manual. 

A tabletop exercise can make all the difference. In order to do this effectively, you want to get all the appropriate stakeholders in a room and review the process step by step. This can help identify possible points of failure and address them ahead of time. It will also ensure that you have all the information you need on hand when the time comes. Many businesses may not know how to effectively run tabletop scenarios, or haven’t taken the time to do it. This is one area where additional support from an outside consultant can be helpful.

Commit to Continuous Improvement

No matter how perfect your governance plan is, it will need to be updated and improved on a regular basis in order to continue to work effectively. The first step is to commit as an organization to continuous improvement, and then to take the direct steps to make it happen. This happens in three areas: people, process, and tools.


People

  • Who is responsible for driving the process?
  • Who has improvement in their job description and is able to commit the time and resources to moving this initiative forward?
  • Are they empowered to take the action needed?

Process

  • What is the process for making changes in response to both positive and negative feedback?
  • Is every stakeholder aware of this process and how to align it with their part of the system?

Tools

  • What tools exist to support the people and process, whether as simple as a spreadsheet or a more advanced set of tools?
  • Is everyone able to access these tools?
  • Do these tools facilitate feedback from every level of the organization?


Governance can help build a process to ensure that incidents are documented and analyzed. This allows a business to determine the root cause of the problem and to identify opportunities for improvement.

You can take it a step further, and improve the overall security posture of the organization, reducing the likelihood of future incidents and improving the resilience of the organization in the face of future threats. This can be accomplished by developing effective communication strategies, building strong partnerships, testing your scenarios, and committing to continuous improvement. Each part of this process is vital to creating a robust and strong organization that will be able to withstand the inevitable incidents that arise.

About Atriade

Atriade has worked on over 500+ projects, in 60+ industries, in 30+ countries. If you are ready to get expert assistance in creating your governance plan that will set you apart from your competitors, we are here to help. Our management team carries a lifetime of experience in all areas of Physical Security and Electronic Security that we are ready to put to work for your unique business and team.
