Research Report: Crisis/Incident Management Software
Crisis Communication & Response
Written by Roberta J. Witty and Leif Eriksen   

Credit: Jeannie Mooney/FEMA
13p_133

This information comes from the Gartner Hype Cycle for Business Continuity Management and IT Disaster Recovery Management, 2013.

Definition: Crisis/incident management (C/IM) software is used to manage the actions of the workforce and other key stakeholders, in response to a particular crisis or incident, with a consistent and quick approach so as to return to normal as soon as possible. C/IM software functionality should include crisis communications and collaboration, a recovery plan repository, plan training/ exercising, action tracking, expense management, workforce scheduling, situational awareness, a geographic information system, and government agency reporting.

Position and Adoption Speed Justification: In recent years, specialized C/ IM software tools have been commercialized and designed for governments, utilities and private enterprises. These tools are used for the following purposes:

  • Manage relationships with all organization stakeholders (internal and external)
  • Manage response, recovery and restoration actions for the crisis, incident or situation
  • Communicate information internally and externally
  • Provide postmortem reviews of the crisis or incident for regulatory training, reporting and business continuity management (BCM) process improvement efforts

Solutions may be:

  • Specialized to the operations of one industry – for example, government, electric utilities, transportation, or oil and gas.
  • Generalized for the management of any type of crisis or incident normally found in a BCM plan.
  • Part of a larger solution, such as an environmental, health and safety (EH&S) application.
  • Part of a case management tool. Many of these products are evolving into centralized “systems of record” and general risk management tools.

Government agencies (in the U.S., FEMA has made the use of WebEOC a common practice) and private enterprises in industries such as electric utilities, transportation, and oil and gas have embraced C/IM technologies to protect the public and business operations, improve the efficiency of crisis/incident command and related emergency responses, and continually communicate and assess progress when responding to a disaster that interrupts the delivery of goods and services. The Dallas-Fort Worth Metroplex and the DC Homeland Security and Emergency Management Agency are examples of government efforts in this area. Given the benefit of big data initiatives, Australia is developing a large-scale C/ IM platform.

Regional and national-scope disasters increasingly will require enterprise-based C/IM for the critical infrastructure sectors to interact – at least at the level of status reporting and communicating with one another and with government agencies. As a result, the Federal Emergency Management Agency (FEMA), through the Unified Incident Command and Decision Support (UICDS) Project (a middleware framework to tie together many disparate technologies used for C/IM), will help remove some process barriers in place today, as well as provide meaningful situational awareness information to public and private organizations. In addition, government and regulatory agency requirements, such as those of the U.S. Occupational Safety and Health Administration, National Incident Management System/Incident Command System (NIMS/ICS) and FEMA, are driving more organizations to move to automation.

In the 2013 Hype Cycle, C/IM software has moved only one position to post-trough 20% because we aren’t seeing enough private-sector usage to change the adoption rate. Private enterprises, other than large, multi-location and often multinational organizations, find them rather complicated to use or fit for purpose to only one standard – for example, the NIMS/ICS. More flexible tools are required for market adoption to rise.

User Advice:

  • Match the type of C/IM software solution deployed to the most likely and critical types of crises or incidents that pose the greatest operational risk to a company, based on a formal, board-approved risk assessment. A financial services company might opt for a solution that provides functionality aligned with an IT outage, a natural disaster or a pandemic, while a heavy-industry manufacturing entity might choose one with functionality tailored for response to EH&S-related crises or incidents.
  • Buyers need to be realistic about the initial benefits and the level of effort required to reach these benefits, and they should expect years of slow but steady improvement in the value they extract from this category of product.
  • Ensure that the chosen software solution adheres to public-sector crisis/incident protocols relevant to the geographic regions in which the solution is deployed. For example, in the U.S., any solution targeted to respond to physical crises or incidents, such as environmental mishaps, safety issues, or natural disasters affecting health and safety, should adhere to the NIMS/ICS process, as mandated by the U.S. Department of Homeland Security. This will ensure interoperability with public-sector response agencies.
  • Manufacturers with exposure to EH&S issues as a result of disruptions caused by natural disasters should: (1) adopt solutions that are interoperable with regional public-service protocols to ensure timely and efficient responses to minimize brand damage; and (2) consult with their corporate counsel for jurisdictional issues relating to privacy and rules of evidence.

Business Impact: The goal of C/ IM is to contain and minimize the impact of a crisis or incident (such as earthquakes, power outages, transportation delays, product failures, market shifts, adverse management activity, workplace violence, fires, floods, collapsing bridges, severe weather conditions, terrorist attacks, chemical spills and accidental discharges), on individuals, localities, businesses and public agencies. Damage can be done to an organization’s reputation, operations and revenue streams, as well as a government’s ability to reduce any adverse impact on public safety.

C/IM processes and software solutions help organizations manage the following actions taken in response to a critical event or disaster:

  • Improve the organization’s ability to protect public safety and to restore business services as quickly as possible.
  • Ensure the recovery of expenses incurred during the disaster from business interruption insurance policies.
  • Protect the reputation of the organization in the eyes of all stakeholders – employees, customers, citizens, partners and suppliers, auditors, and regulators.

Using a system that imposes a standardized best-practice or leading-practice model extends uniform managerial controls across the organization. It also cuts staff training time and ensures better integration with the broader internal and external community involved in recovering from a disaster.

Benefit Rating: High

Market penetration: 20% to 50% of target audience

Maturity: Early mainstream

Sample Vendors: Coop Systems; Crisis Commander USA; eBRP Solutions; EmerGeo; Enablon; Enviance; ERMS; ESi; Global AlertLink; iJET; IHS; Intelex Technologies; Intergraph; IntraPoint; Ixtrom Group; MissionMode; NC4; Previstar; ReadyPoint Systems; Reality Mobile; RecoveryPlanner.com; RMSS; EMC (RSA); SAI Global (Cintellate); Send Word Now; Strategic BCP; SunGard Availability Services; Swan Island Networks; VirtualAgility; Witt O’Brien’s (Pier)

 

About the Author

Roberta Witty is a Research Vice President at Gartner, Inc., where she is part of the Risk and Security Management Programs group. Her primary area of focus is business continuity management and disaster recovery.

Leif Eriksen is a research director at Gartner and writes about how industrial companies manage the safety, reliability and sustainability of their production/manufacturing operations.

This information comes from the Gartner Hype Cycle for Business Continuity Management and IT Disaster Recovery Management, 2013. This report is part of Gartner’s 2013 Hype Cycle Special Report which provides strategists and planners with an assessment of the maturity, business benefit and future direction of more than 2,000 technologies, grouped into 98 areas. The Special Report includes a video, provides more details regarding this year’s Hype Cycles, as well as links to all of the Hype Cycle reports. The Special Report can be found at http://www.gartner.com/technology/research/ hype-cycles/.