Automating incident alert management with efficient workflows

Crisis response requires speed and consistency. Here is how Tallyfy helps teams automate incident response workflows before emergencies happen.

Incident alert management is the process of creating or managing communications that are to be used during a business or tech crisis within a company. This process, though, has to be very quick and efficient. We’ve found that every minute saved in the initial response phase can prevent hours of downstream chaos.

You don’t just send a memo to some hacker to “just hold on for a minute, I need to find the phone number for the guy in charge of my IT team.”

And that is where the incident alert management workflow software comes in - you can create set processes that should be carried out during a crisis or emergency, and start the emergency remediation process in a click.

Such incidents can happen in whichever industry you are working in - there’s always some sort of error you can’t foresee. In our experience, the organizations that recover fastest are those with documented response workflows ready before crisis hits. In IT, for example, your servers might be overloaded, or malicious software might have found its way to your network.

It can also be a business problem, for example: The assembly line for one of the products could have a tendency to break. This can cause a lot of problems, like the distribution company not receiving the product on time.

The bottom line is, the incident has to be dealt with swiftly. Otherwise, there can be long-lasting damage done to the company’s income, infrastructure, and so on.

Incident alert management

The potential for damage done is why, exactly, a good incident alert management system is important. It helps you jump-start the remediation process whenever any kind of issue comes up.

Incident alert management is, essentially, a set of processes that are to be carried out during an emergency.

Everyone that are somehow relevant to the incident at hand has to be contacted asap for the problem-solving process to start.

While how incident alert management works is very case-specific, the following is a typical workflow example:

Step #1: Usually, the way emergency remediation starts off is with the problem discovery. A company employee finds the issue and documents it

Step #2: The relevant management is informed of the issue, who then on have to decide how to react

Step #3: Management contacts all the relevant individuals to the case, whether they are an in-house team or consultants

Step #4: If the individuals are in-house, a meeting is set-up on dealing with the issue. If it is consulting, they are sent to the company HQ to start working on the problem.

Step #5: The team starts working on the issue, creating a working solution and documenting what the problem was.

Step #6: The team tries to figure out how to keep a similar issue from happening again, then presenting the idea to the administration, who then on decide whether to carry out the solution

Ready-to-use incident response templates

Example Procedure

Incident Response Plan

1Verify preparation and team roles

2Detect and analyze the incident

3Contain the incident

4Eradicate the threat

5Recover systems and services

+2 more steps

View template

Example Procedure

Customer Complaint Escalation Process for Service Teams

1Listen and Empathize

2Be Objective

3Be Helpful

4Solve the Problem

5Document the Issue

+3 more steps

View template

Using workflows for incident alert management

The incident alert management processes can be made marginally simpler using Workflow Software such as Tallyfy. Usually, most of the steps mentioned above have to be carried out manually.

But workflow software allows for the automation of a big chunk of the incident alert management process.

This allows for the problem to be solved faster. Speed matters here.

The way it works is you set up up a workflow for the type of emergency.

This consists of different processes needed to be carried out to solve the issue at hand.

The processes have properties such as ownership (the person in charge), contacts (to be contacted), and deliverables (a file should be uploaded for the process to be finished).

The following is an example of an IT issue in the company.

Workflow name: Intrusion alert on unauthorized USB stick on a laptop owned by a tier-1 employee

Process #1: Process Start

Responsible individual: Josh the IT guy.

Josh is in charge of managing the network. If he finds an issue, he documents it and starts the process.

Process #2: Meeting / Setup

Contacts: IT Security Team. CEO, CTO.

Responsible individual: CTO

Once the process is started, all the relevant contacts are sent an email.

The email can either be a call to action for a meeting or an already set up conference call link.

If it is the first, the responsible individual is charged with setting up the meeting.

After the meeting, the responsible individual for the step picks the relevant team members for fixing the issue.

Process #3: Problem Resolution

Responsible Individual (s): IT Security Team Lead

The assigned team starts working on the issue, promptly creating the solution to the problem. Technology represents about 9% of our conversations at Tallyfy, and having pre-defined escalation paths cuts resolution time significantly.

Afterward, the team leader inputs the specific details about the issue on the software including what the problem was, the solution, etc.

Process #4: Recap

Responsible Individual: CTO

Once the problem is solved, and the CTO gets an automatic email from the software about what the issue was.

Then, he is charged with informing the rest of the management with what the problem was.

As soon as all the processes are carried out, the workflow is finished.

It can then on be reopened if something similar happens.