Incident Response Roles

Incident Response Roles give teams visibility into which users are responsible for what during an incident response process. Teams define the roles to use during their incident response processes and assign users to these roles separately for each incident.

Please note that the incident response roles are display-only, i.e., they only give visibility to the responder teams during the incidents. Incident management/action rights are handled on a user/team basis via custom roles. Please make sure the user(s) added to each incident response role have the necessary incident management rights to take actions on the incidents.

How to configure available Incident Response Roles

Incident Response Roles are defined for each team separately. From the team’s dashboard, navigate to the Roles page, and add a new role from the 'Add an Incident Response Role' button in the Incident Response Roles section.

Within the 'Add Incident Response Role' window, define the name and the description of the role and designate the option to show this specific role within a created incident by default.

There are 4 roles created by default for each team which can be removed if desired:

1- Incident Commander: Responsible for managing the incident response process and providing direction to the responder teams.

2- Communications Officer: Responsible for handling communications with the stakeholders and responders.

3- Scribe: Responsible for documenting the information related to the incident and its response process.

4- SME (Subject Matter Expert): Technical domain experts who support the incident commander in incident resolution.

How to define user(s) to available Incident Response Roles

Make the assignments for each incident response role for each incident separately. Depending on the available incident response roles for each team, the members of the owner team of the incident can assign the necessary roles to the related user(s).

The incident response roles that are selected to be shown by default will always be visible in the incident’s details and its ICC sessions for the owner team to assign/fill in. The rest of the roles can be selected and assigned to user(s) by clicking the + Assign a new role button.

Make assignments from two places:

1- From the incident details view:

Incident response roles for a specific incident are defined from the Incident Details page. Simply click on the incident to open its details and navigate to the Incident Response roles section. Assign users to default roles, update assignments, and/or add new roles and their assignments from the available roles defined for the owner team of the incident.

2- From the ongoing ICC session:

The alternate way to define incident response roles for a specific incident is from an ongoing ICC session. Click ‘Assign/Update Roles’ on the right-hand side of the ICC window. Assign users to the default roles, update the assignments, and/or add new roles and their assignments from the available roles defined for the owner team of the incident.
