Jim, I’m enjoying the blog and other content, but your not going to believe this, we were just starting to implement some security capabilities and we had / have an security incident aka “situation” aka “crisis”. Help quick, please. As Dave Ramsey says all the time related to his Baby Steps, let’s put the structured design work “on pause”. Here are some very basic steps to consider, knowing that EVERY “incident” will be different and flow in a different order.
Note: This IS NOT meant to be followed during a life-safety emergency like a active shooter, fire, etc. Step 1. Call 911, Step 2. Follow 911’s / Law Enforcement’s direction, Step 3. Get everyone safely to safety. Step n….
This is also NOT meant to deal with little Johnny’s boo-boo bandaid “incident”…Step 1. Get (King David) bandaid, Step 2. Implement said bandaid. Step 3. Hug Johnnie, Step 4. Call parent if Johnnie “need my mommy”
1. Personally pray for guidance, wisdom, knowledge, peace, and for both the victim(s) and the suspect(s) and your path.
2. Develop a way to control the flow and documentation of information about the incident to the absolute need to know. Now I am NOT suggesting any cover-up but I also do NOT believe is “total transparency”, at least not at this stage.
3. Bring together wise council, this may or may not be your board, and have each person ”rate” the level of incident on a scale of say 1-5. So you make sure people are not over or under reacting.
4. Assuming your (apotoslic) elder/deacon board is not a victim or suspect, bring them together, preferably at an offsite location to discuss next steps. The initial critical pieces to consider: A. When to bring in outside professionals. B. Who/How do we respond to the traditional media AND SOCIAL MEDIA C. Who/How do we respond to staff, congregation, public D. Who/How will we control documentation E. Is there a need for our legal and CPA to be involved? F. – Z.
5. Has a crime been commited or is there a suspision that a crime has been committed? I pretty strong here, call local or federal law enforcement. Talk to them about confidentiality and communications.
6. If the security incident is confrontational in nature, determine the best way to physically AND electronically separate all parties involved.
7. Key step and assuming a crime hasn’t been comitted, if you do not have QUALIFIED, perferrably CERTIFIED, and where required by law, LICENSED security investigator and if needed, crisis management expert, get/hire ONE asap.
8. Follow the person(s)’ in step 7 direction, don’t be afraid to ask questions or challenge them, especially if they don’t understand your church’s makeup and CULTURE.
9. Keep praying, keep documenting, keep confidential, keep protecting the victims and suspects until the TRUTH comes out.
10. Upon “closure”, be transparent to your congregation AND the public (is there a difference?) to a degree that is biblical, wise, full of accountability, absolute integrity, and grace.
The #1 cause of security incidents “getting out of hand” is not following step 7 above, this isn’t about hiring me, this is about the disasters I have seen for the DIY incident / crisis / investigation management I have seen over and over.
Now, as mentioned these are BASIC steps and in future discussions we will dive deeper, not only in handling different types of security incidents (Our 2nd or 3rd episode of our podcast will cover one in detail) but also deeper dive in these basic steps.
NOTE: I can NOT provide assistance to computer intrusions, “hacks” or cyber crime.