Incidents – and how to make use of them

An incident is an unexpected event, whether positive or negative, actual or just a near miss.

Incidents need to be managed before they escalate and potentially lead to a crisis or an emergency. That’s why we need to keep up with incidents by managing them properly.

Managing incidents is typically divided into four steps; identification, registration, follow-up, and reporting.


An incident can influence the organisation economically, security wise, in terms of the reputation of the organisation, and in circumstances which have led to a violation of internal guidelines or external legislation.

You should identify the following three types of events:

  1. An actual loss – Something went wrong and resulted in a loss
  2. A near miss – Something nearly went wrong
  3. A gain – Something extraordinary happened resulting in some form of gain or benefit

All incidents should be identified and registered. However, some incidents will not be noticeable when they occur, making it important to look back once in a while and check what has happened.

In other words, you should take care to look for both:

  • Direct observable events
  • Events that can be seen as a pattern over a longer period of time



All employees, subcontractors, and sourcing partners should register incidents.

When registering an incident, the following parts should be specified:

  • A short and precise title (e.g., focus on what is lost)
  • The department, product, or process affected
  • The owner of the incident
  • The type of incident (e.g., actual loss, near miss, or gain)

Additional information to be registered includes a description of the incident, an estimate of loss, gain, and worst case scenario, as well as whether the incident could impact reputation, compliance, or security, or lead to a crisis level impact.

The incident should be registered as soon as it is identified, even though full understanding of the event is not available yet. As new knowledge is brought to the light, the incident should be updated.

When possible, the following information should be included:

  • Consequences
  • Cause
  • Observations (based on facts)


You or your department manager must make sure that the incident owner and the people affected are informed about the incident and kept up to date.


If you are the owner of an incident, you are responsible for correct and timely reporting of the incident. This includes knowing who has been affected by the incident.

The following stakeholders are especially important:

  • The risk committee (if you have one) – needs to know about important incidents.
  • The communication or public relations department – needs to know in case of incidents that can affect the reputation.
  • Legal or compliance – needs to know about incidents related to violations of the law.
  • Security or IT-security – needs to know about incidents related to security.
  • Crisis management – needs to know if the incident escalates to a crisis.


The incident owner must make sure that the right people are involved, and that the necessary processes are initiated. This includes the crisis management process, security incident process, major incident process, incident investigation, etc..

Keeping track of incidents can seem like an administrative nightmare at first, but it actually provides indispensable information when it comes to identifying potential risks and threats to the organisation.