Mastering Incident Management: A Guide to Effective Incident Investigation

Last Updated: February 1st, 2023/Views: 568/4.4 min read/
Online FREE HSE Software
Mastering Incident Management: A Guide to Effective Incident Investigation

The scope of an incident investigation procedure includes determining the cause of the incident, identifying any contributing factors, evaluating the effectiveness of current controls and processes, and making recommendations to prevent similar incidents from occurring in the future. The investigation process typically involves gathering data, interviewing witnesses, and analyzing the information collected. The scope should also include documenting the entire investigation process, including the methodology used, findings, and conclusions, to ensure transparency and accountability. It is important to ensure that the investigation is comprehensive and covers all relevant aspects of the incident, so that appropriate actions can be taken to prevent similar incidents from happening in the future. The ultimate goal of an incident investigation is to provide an accurate understanding of what happened, identify root causes, and develop effective solutions to prevent similar incidents from recurring.

Initial Steps to be Taken in Case of Incident (Initial Response)

The initial steps taken in the event of an incident are critical to ensure an effective response.

  1. The first step is to quickly assess the situation and determine the level of impact it is having or could have. This helps to determine the appropriate response and allocate the necessary resources.
  2. Once the impact has been assessed, the next step is to activate the incident response plan, which should include
    1. summoning the appropriate response team,
    2. communicating with stakeholders, and
    3. activating any necessary emergency procedures.
  3. In parallel, containment measures should be put in place to prevent the incident from spreading or causing further damage.
  4. The incident response team should also gather information about the incident, such as its cause and extent, to help inform their response.

These initial steps provide a foundation for a successful incident response, allowing the incident to be effectively managed and resolved, and minimizing the impact on the organization.

Notifications
Ambulance HSE TL Management Police Ministry of Labour
Fatality Immediate Immediate Immediate Immediate as per legislation
Injury Immediate Immediate 12hrs as per legislation as per legislation
Low NA 12hrs NA NA as per legislation
Timeframe
12 hrs The evidences about the incident as well as eye witness statements must be collected within 12hrs to prevent loss of valuable data.

Physical evidence: This can include items such as broken equipment, spilled substances, and damaged property. This type of evidence is crucial in determining the cause and extent of the incident;

Digital evidence: This can include data from electronic devices, such as computers, servers, and smartphones. This type of evidence is important in cyber incidents and can provide valuable information about the cause and extent of the incident;

Witness statements: This can include verbal or written accounts from individuals who were present during the incident or who have relevant information about it;

Logs: This can include log files from systems and devices, as well as written records of activities that took place leading up to the incident;

Documentation: This can include contracts, policies, procedures, and other relevant documents that can help shed light on the cause of the incident;

Photos

It is important to secure and preserve the evidence as soon as possible to prevent tampering or degradation. The evidence collected should also be analyzed in a timely and thorough manner to help determine the cause of the incident and identify any areas for improvement.

24 hrs
  1. The report in the system should be generated by Responsible Supervisor. The Responsible Supervisor will do the quality check and request additional details as needed.
  2. Agree on Incident Investigation: management team will agree on
    1. Incident Investigation team;
    2. Scope;
    3. Methodology;
7 days Investigation Team will do the investigation and submit the Initial report within 7 days from the date when Incident has occured.
Incident Grading
Near Miss ..
Light (L)
  • No Injury to Personnel
  • Little Asset loss
Medium (M)
  • Medical Treatment case
  • Damage to Asset
High (H)
  • Fatality
  • Substantial Asset Loss
Responsibilities
Responsibilities Near Miss Light (L) Medium (M) High (H)
Report Entry and Closure All Employees *** *** ***
Report Review HSE HSE HSE HSE
Investigation TL NA Supervisor HoD GM
Investigation Team NA
  • HSE
  • SME
  • HSE
  • Supervisor
  • SME
  • HSE
  • HoD
  • SME
Investigation Review NA HoD GM CEO
Criteria for Closing the Incident in the Incident Management Software
  • All Evidences Attached;
  • All Actions are closed;
Definitions & Abbreviations
GM General Manager
HoD Head of Department
SME Subject Matter Expert
Documentation and records

The following documents should be attached to an incident investigation report:

  1. Incident Report: A detailed description of the incident, including the date and time it occurred, its location, and the extent of the damage.
  2. Evidence Collection Log: A record of all the physical, digital, and other evidence collected during the investigation.
  3. Witness Statements: Written or recorded statements from individuals who were present during the incident or who have relevant information about it.
  4. Photos and Videos: Images and videos of the incident scene, including any physical evidence.
  5. Log Files: Log files from systems and devices that were involved in or impacted by the incident.
  6. Documentation: Relevant policies, procedures, contracts, and other documents that were used to determine the cause of the incident.
  7. Signature Page: A signature page acknowledging that the investigation was conducted and the findings are accurate.

Having all these documents attached to the incident investigation report helps ensure a comprehensive and accurate record of the incident and the steps taken to investigate it.

Leave A Comment